A year ago, many people outside the security community had no idea what ransomware was. Now that major attacks have grabbed headlines and attracted the attention of the U.S. Congress and the White House, “ransomware” has entered the common vernacular.
While much has been written about eye-popping ransomware demands, not much has been reported about the internal aftermath of a ransomware attack on an organization — until now. In an attempt to investigate the impact of ransomware attacks from a more holistic perspective, Keeper has released the 2021 Ransomware Impact Report.
We surveyed 2000 employees across the U.S. whose companies had suffered a ransomware attack in the previous 12 months, questioning them about how the attack impacted their organization’s daily operations and its overall position.
Here are six major takeaways from our report.
1. Nearly one-third of employees were caught unaware.
An employee’s first introduction to the term “ransomware” shouldn’t happen when their employer’s systems are taken down by an attack, but 29% of respondents told us they didn’t know what ransomware was prior to their employer being victimized.
2. A ransomware attack will almost certainly knock your systems offline.
You can keep calm, but you probably won’t be able to carry on, at least for a while. Seventy-seven percent of respondents said they were unable to access systems or networks post-attack. While the majority of outages lasted less than a week, 28% of respondents experienced outages for a week or longer.
On a related note, 64% of respondents reported losing their login credentials or documents as a result of changes their organizations made post-attack, which further harms productivity and adds additional indirect costs.
3. Most attacks were rooted in social engineering.
Phishing emails caused 42% of ransomware attacks, with malicious websites causing 23% and compromised passwords 21%. This indicates that many, if not most, ransomware attacks could be prevented by requiring that employees use strong, unique passwords for all accounts and enable multi-factor authentication wherever it’s supported.
4. Most organizations hardened their security post-ransomware attack.
Understandably, 87% of impacted companies enacted stricter security protocols after being attacked, with 62% implementing multi-factor authentication (2FA). This indicates that the impacted organizations weren’t using 2FA — or at least not using it wherever it’s supported — prior to being attacked. With social engineering techniques and compromised passwords playing such major roles in ransomware attacks, this finding should be a wake-up call for organizations that think they don’t need to mandate 2FA.
5. Nearly half of organizations paid the ransom.
To pay or not to pay? That’s a matter of debate even within the security community. While everyone agrees that paying encourages further attacks, when an organization is under active attack, its leadership is under tremendous pressure from both customers and company stakeholders to solve the problem as quickly as possible.
As a result, 49% of respondents told Keeper that their employers paid the ransom. However, 93% reported that their employers tightened budgets in other areas following the ransom payment.
6. Ransomware is the new scarlet letter.
Adding to the pressure that organizational leaders feel to pay the ransom and move on, 64% of respondents felt that suffering a ransomware attack had a negative impact on their organization’s reputation. With this in mind, it’s not surprising that 26% of respondents reported that their employers disclosed the attack only to partners and customers (not the general public), while 15% didn’t tell anyone. This indicates that ransomware attacks are likely far more pervasive than anyone realizes.
Learn More by Reading the Full 2021 Ransomware Impact Report
Download the full 2021 Ransomware Impact Report and you’ll also get a handy infographic to share with colleagues delivered with the report.
Keeper’s zero-knowledge, enterprise-grade password security and encryption platform gives IT administrators complete visibility into employee password practices, enabling them to monitor adoption of password requirements and enforce password security policies organization-wide, including strong, unique passwords and multi-factor authentication. Keeper takes only minutes to deploy, requires minimal ongoing management, and scales to meet the needs of any size organization.