America was the victim of 34 percent of global ransomware infections in 2016. The "why" is clear; a whopping 64 percent of Americans are willing to pay to get their files back, as opposed to only 34 percent of victims worldwide, as per Symantec's 2017 Internet Security Threat Report.
Surprisingly, Symantec's results show that paying the ransom doesn't guarantee results: just 47 percent of global victims who paid up in 2016 reported getting their files back. This is in direct contradiction with our own experience, where we helped dozens of victims with a 95% successful return of all their files.
Note, these were organizations at their wit's end who found us on the internet and needed help to get their files back after an employee opened an infected attachment, not existing KnowBe4 customers calling us about our ransomware guarantee.
Newly discovered ransomware families jumped last year from 30 in 2015 to 101 in 2016. The number of new variants of existing ransomware, however, dipped. “It suggests that more attackers are opting to start with a clean slate by creating a new family of ransomware rather than tweaking existing families by creating new variants,” the report said.
Infections of consumers at home accounted for 69 percent, but Symantec found that some attackers are executing more sophisticated attacks against businesses, where they silently penetrate the network, move laterally and then encrypt all machines at the same time.
The ransoms themselves also skyrocketed, climbing 266 percent last year, from an average of $294 in 2015 to $1,077 in 2016, helped by a Bitcoin price which is over $1,300 at the time of this writing. The report also showed that attackers have begun customizing individual ransom demands based on the type of data and the volume of files that were encrypted.
Symantec Report Confirmed By Verizon and NTT
Verizon's 2017 Data Breach Investigations Report (in which KnowBe4 participated as a data source) found that ransomware levels in 2016 were up 50 percent over 2015 figures. Verizon also found that the types of attacks targeting organizations vary from sector to sector. "Manufacturing has the lowest median level DDoS level, but the highest level of espionage-related breaches." Here is the Verizon Data Breach Investigations Report Executive Summary (PDF)
The growing threat was further confirmed by more research from the NTTSecurity 2017 Global Threat Intelligence Report (PDF), which found that 22 percent of all global incident engagements were related to ransomware, more than any other category of attack.
Of the ransomware attacks observed via NTTSecurity's intelligence network, 77 percent were concentrated among four industries – business and professional services (28 percent), government (19 percent), health care (15 percent), and retail (15 percent).
Half of all incidents affecting health care organizations involved ransomware. “This may indicate that attackers have identified health care institutions as a vulnerable target more willing to pay ransom than other sectors,” their report noted.
We strongly recommend phishing your own users to prevent these types of very expensive snafus. If you're wondering how many people in your organization are susceptible to phishing, here is a free phishing security test (PST).