IDC: Ransomware hitting more than a third of global firms

It feels as if ransomware is a major problem and, according to IDC, it is an issue that has impacted a third of firms worldwide in the past 12 months.

The channel has become well versed in reacting to customer demands for help in combating attacks and it is clear from the latest IDC numbers that there is still some way to go to help users.

Earlier this week, Accenture was hit by an attack launched by the Lockbit ransomware crew, although the IT services firm said no customer systems were affected.

IDC found that the Accenture attack was far from isolated and the targets for criminals were wide. In many cases, customers were left in a position where they felt they had no option but to pay the ransom demanded.

The firm also found that manufacturing and finance were the verticals hit most by ransomware, while transportation, communication and utilities/media industries reported the lowest rates of attack. The average ransomware pay-out was almost $250,000, but several incidents topped $1m.

“Ransomware has become the enemy of the day,” said Frank Dickson, programme vice-president, cyber security products at IDC. “The threat that was first feared on Pennsylvania Avenue and subsequently detested on Wall Street is now the topic of conversation on Main Street.

“As the greed of cyber miscreants has been fed, ransomware has evolved in sophistication, moving laterally, elevating privileges, actively evading detection, exfiltrating data, and leveraging multifaceted extortion. Welcome to digital transformation’s dark side.”

IDC stressed that the sophistication of attacks was continuing to develop and there was a need for an evolving response for customers to keep data protected.

Kevin Curran, IEEE senior member and professor of cyber security at Ulster University, said that it was clear from the IDC research that the attacks faced by customers and their channel partners were becoming increasingly sophisticated.

“Sadly, cyber crime has become an industry, and attackers are most certainly becoming far more organised,” he said. “Ransomware presents a continuous challenge and attacks are growing more sophisticated by the day.

“Once a network has been compromised, they further penetrate the connected internal network using exploits and automatic USB infection to encrypt files in addition to sending them outwards. A key threat of this malware is its ability to evade detection and it goes to great length to do so effectively.

“Once a device is infected, it typically encrypts all important documents on a computer and any attached network drives or backups and removes the files. Unfortunately, the only solution to most of these types of threats is to pay the scammers.”