The threat of ransomware is growing exponentially, yet only a third of US office workers know what it is.
Intermedia’s latest 2017 Data Vulnerability Report, which surveyed 1,000 US knowledge workers, found that even with the increased publicity and impact of global ransomware attacks like WannaCry and Petya, and emerging strains such as BadRabbit, awareness still lags behind. This is not for lack of effort among companies though, with 70% of office workers saying their organization regularly communicates about cyber threats and nearly one-third (30%) saying their organization specifically highlighted the WannaCry ransomware attack as an example.
The stakes are significant: The study shows that the average amount paid in ransom among office workers now stands at approximately $1,400.
Interestingly, the report found that employees shoulder costs of ransomware payments more often than employers: Of the office workers that have fallen victim to a ransomware attack at work, the majority (59%) paid the ransom personally, and 37% said their employers paid. About 68% of impacted owners and executive management said they personally paid a work-related ransom.
Also, more than 73% of impacted Millennial workers, often viewed as the most computer-savvy group of employees, report paying.
“Our latest report shows that, even in the face of increasing attacks, there are large gaps in overall awareness of how to handle a ransomware strike,” said Jonathan Levine, CTO at Intermedia. “Employees are willing to go to great lengths to try to get data back, including paying ransoms out of their own pockets, even though 19% of the time the data isn’t released even after the ransom is paid.”
SMBs are particularly vulnerable to ransomware attacks, the study uncovered.
“As ransomware continues to evolve and become more advanced, organizations of all sizes and types must acknowledge it as a very real threat,” Levine continued. “This is especially true for SMBs that may not have the resources, tools or training that larger organizations use to recognize, prevent and protect themselves from such attacks. Ransomware can infiltrate and shut down an entire business through just one infected computer. More often than not, SMBs feel they are forced to pay a ransom they can’t, but must, afford. And hackers realize this.”