A new study by the cybersecurity company Semperis showed that companies tend to be attacked by ransomware groups several times. 74% of organizations that encountered a ransomware attack reported experiencing multiple attacks. These attacks caused problems at 87% of targeted organizations, 37% reported data loss and 33% had their systems taken offline. 40% of healthcare companies experienced data loss and 29% had their systems taken offline.
85% of surveyed organizations in the United Kingdom and United States suffered one or more ransomware attacks in the last 12 months. The finance and healthcare sectors had the greatest number of attacks: 85 to 88% of survey participants in those sectors stated they encountered a ransomware attack in the last 12 months. Preliminary attacks in the education and healthcare sectors were most successful. 35% of healthcare companies reported having simultaneous attacks from several threat groups.
Censuswide, together with Semperis, surveyed 900 IT and security professionals in the U.S., the U.K., Germany and France. Based on the results, 78% of organizations that encountered an attack mentioned paying a ransom, and 32% paid a ransom at least 4 times last year. In Germany, multiple ransomware payments were common, with about 50% of German firms paying 4 or more ransoms. 20% of U.S. companies paid 4 or more ransoms in the past year. Semperis remarks that cybercriminals frequently install malware or backdoors on systems before encrypting files, so that they can conduct more attacks after the company has recovered.
75% of attacked organizations in the US and UK paid a ransom to recover access to their information, and 10% of those organizations paid over $600,000 in ransom. The survey revealed that many organizations almost always pay a ransom, even though paying doesn’t ensure a complete recovery. Based on the survey, 35% of organizations that paid the ransom either didn’t get the decryption keys or could not recover their files and data because the decryption keys were corrupted.
Semperis also surveyed the companies’ defenses that safeguard their identity systems. Although 70% of organizations had an identity recovery plan in the event of a ransomware attack, 61% said they lacked a focused backup system for Entra ID or Active Directory (AD). Just 27% of the surveyed organizations kept dedicated systems for retrieving Entra ID, AD, and identity controls.
Ransomware groups target AD, which controls access for users, groups, programs, and resources. Control of Active Directory gives an attacker the greatest opportunity to extort money. When Active Directory is compromised, the threat actors take control of your system.
Companies can focus their effort and money on endpoint security, but threat actors can often work through endpoints and breach the network. Once within the network, they could access the entire identity system. If they control the identity system, they become quite powerful. The implementation of HIPAA encryption could help companies withstand such attacks.