More than half (53 percent) of U.S. organizations that were infected with ransomware blamed legacy antivirus protection for failing to prevent the attack, according to SentinelOne. Nearly 7 out of 10 of these companies have replaced legacy AV with next-gen endpoint protection to prevent future ransomware infections.
AV fails to foil ransomware
Behind employee carelessness as the primary cause (56 percent blamed this), failed legacy AV protection is viewed as the leading factor in successful ransomware attacks, followed by un-timely responses (33 percent). Legacy vendors have failed to build solutions for new vectors – specifically, many legacy AVs still lack basic anti-exploit capabilities.
In addition to naming the most common reasons for successful attacks, respondents indicated their level of confidence in future defense with advanced technology:
- Ninety six percent of respondents who were infected with ransomware are confident they can prevent future attacks.
- Sixty eight percent of confident respondents state this is because they replaced legacy AV with next-gen endpoint protection.
Cost of ransomware: Negotiation leads to more attacks
The survey provides strong evidence that while ransomware attacks are on the rise, an organization should never pay the ransom in an attack due to the frequency of subsequent attacks, and infrequency of being able to unlock encrypted files:
- Forty five percent of U.S. companies hit with a ransomware attack last year paid at least one ransom; but only 26 percent of these companies had their files unlocked
- U.S. organizations that paid the ransoms were targeted and attacked again with ransomware 73 percent of the time.
Interestingly, 44 percent of respondents claim that employees have paid a ransom without the involvement or sanction of IT/security teams. The U.S. is also, on average, paying higher ransoms than any region worldwide and spending more hours responding to infections:
- The average value of ransoms paid by U.S. companies was $57,088 (global average is $49,060)
- The average estimated business cost as a result of a ransomware attack – including ransom, work-loss and time spent responding, is more than $900,000
- The average number of employee hours dedicated to responding to ransomware infection: 44 hours (global average: 40 hours).
Ransomware impact felt by partners and supply chain
Research also shows the significant negative impact ransomware attacks have on third-party suppliers and partners of organizations suffering an infection, magnifying the detriment attacks have on the U.S. business community as a whole:
- Forty six percent claim third-party suppliers and partners suffered downtime
- Thirty five percent claim third-party suppliers and partners suffered loss of productivity
- Twenty percent claim third-party suppliers and partners suffered loss of revenue.
“Attackers are continually refining ransomware attacks to bypass legacy AV and to trick unwitting employees into infecting their organization. Paying the ransom isn’t a solution either – attackers are treating paying companies like an ATM, repeating attacks once payment is made,” said Raj Rajamani, SentinelOne VP of Products. “The organizations with the most confidence in stopping ransomware attacks have taken a proactive approach and replaced legacy AV systems with next-gen endpoint protection. By autonomously monitoring for attack behaviors in real-time, organizations can detect and automatically stop attacks before they take hold.”