Ransomware Survey: By the Numbers

Rick Vanover, Director of Technical Product Marketing, Guest Author

@RickVanover

Published date: December 12, 2016

If one thing has the attention of IT decision makers worldwide, it is the risk of ransomware. We frequently see headlines on outages caused by ransomware and the reality is that this is a big problem for organizations of all shapes and sizes.

Veeam has taken ransomware seriously for a while now . We’ve incorporated features into products, as well as started recommending technical practices and designs to provide resiliency to recover, should there be an incident. We took an additional step and tried to quantify ransomware incidents and some of this information was shocking. One important issue that I’ve raised recently in regard to ransomware is for anyone who thinks it is just a PC problem: It can be a data center problem as well. In fact, Veeam technical support helps customers recover from these incidents on nearly a daily basis!

To get some insight into the scope of ransomware today, we commissioned a survey in the summer of 2016 for nearly 1000 organizations (approximately 84% were Veeam customers) to share some insight on their ransomware experiences. Here are some of the findings from the survey:

  • Nearly 46% of the respondents have had some form of ransomware incident in the last two years.
  • Of those who had a ransomware incident, 91% had data encrypted.
  • Only 2% of the respondents admitted to paying the ransom for recovering their data.
  • Of that small sample who paid the ransom, all but one of them paid less than USD $10,000.
  • 84% of the respondents were able to recover their data without paying the ransom.

These are just a few numbers, but shocking in terms of the quantity of incidents. A few things also need to be said here to clarify these numbers. First of all, the ransomware incidents took place on a variety of platforms – they include PCs, data center workloads and more. Many other factors went into these responses.

What can you do with this information? I’ve taken it into account and can offer CIOs some practical advice to take to their infrastructure and application teams in order to build for resiliency against ransomware:

  1. Design with a ransomware attack in mind, this will help in mitigation.
  2. Get your entire IT team on the task of thinking about ransomware and what will happen if there is an attack in their area of expertise.
  3. Have the tools in place for prevention.
  4. Ensure that the Availability strategy is there in case a last line of defense is needed. Every ransomware prevention expert or organization that has made it successfully through will point to their backup saving the day.
  5. Invest in the education of your users.

Taking these points into consideration can help organizations navigate the risk of ransomware and keep service levels high without data loss. Veeam can also help here, so be sure to check our 7 tips to prevent ransomware attacks on backup storage.

September 7th

Hybrid cloud lays the groundwork for our digital future

August 30th

Veeam takes VMworld 2017 by storm

August 28th

The sky (well, the cloud) is the limit as Veeam announces Veeam Availability Suite for VMware Cloud on AWS

August 21st

Cisco to resell Veeam Availability solutions: Partnership grows even stronger