August 3, 2016

International Study Finds Nearly 40 Percent of Enterprises Hit By Ransomware in the Last Year

Crippling threat caused 34 percent of business victims to lose revenue and 20 percent even had to cease operations immediately

Executives in the U.S. are disproportionately targeted and 96 percent of U.S. organizations are not very confident in their ability to stop ransomware

SANTA CLARA, Calif. – August 3, 2016 – Malwarebytes™, the leading advanced malware prevention and remediation solution, released new findings today on the growing threat to companies from ransomware. The multi-country study surveyed 540 CIOs, CISOs and IT Directors from companies with an average of 5,400 employees across the U.S., Canada, U.K. and Germany and found that nearly 40 percent of businesses have experienced a ransomware attack in the last year. Of these victims, more than a third lost revenue and 20 percent had to stop business completely.

The report, entitled “State of Ransomware,” was sponsored by Malwarebytes and conducted by Osterman Research to explore ransomware attack frequency, how it works in an enterprise environment, ransom cost, infiltration points, impact, preparedness and more.

“Over the last four years, ransomware has evolved into one of the biggest cyber security threats in the wild, with instances of ransomware in exploit kits increasing 259 percent in the last five months alone,” said Nathan Scott, Senior Security Researcher at Malwarebytes and ransomware expert. “Until now, very few studies have examined the current prevalence and ramifications of actual ransomware incidents in the enterprise.”

Additional international findings include:

  • Nature of attacks: 46 percent of all ransomware attacks originated from email.
  • Cost of attacks: Nearly 60 percent of all ransomware attacks in the enterprise demanded over $1,000. Over 20 percent of attacks asked for more than $10,000, 1 percent even asked for over $150,000.
  • Many are paying the ransom: Globally, more than 40 percent of victims paid the ransom demands.
  • Significant time spent on remediation: More than 60 percent of attacks took more than 9 hours to remediate.
  • Attacks frequent in certain industries: Healthcare and financial services were the leading industries attacked with ransomware globally, both of which were targeted well above the average ransomware penetration rate of 39 percent.
  • Potential loss of life: Amazingly, 3.5 percent even said lives were at stake because of ransomware’s debilitating effects

Severe downtime: 63 percent spent more than an entire business day trying to fix endpoints

  • Switch from protection, to disaster planning: The most popular way of addressing the problem is not through protection, but by backing up data (over 71 percent).

In the United States alone, nearly 80 percent of companies have suffered a cyber attack in the last year and more than half experienced a ransomware incident. Seventy percent of attacks impacted mid-level managers or higher, while 96 percent of U.S. organizations are not very confident in their ability to stop ransomware.

Key U.S. findings include:

  • Security attacks with ransomware are increasing: Nearly 80 percent of U.S. companies have suffered a cyber attack in the last year and more than half experienced a ransomware incident. US organizations are the most attacked among the countries surveyed.
  • Ransomware attacks target healthcare and financial services: Healthcare and financial services were the leading industries attacked with ransomware globally, both targeted well above the average ransomware penetration rate of 39 percent.
  • Email is the top vector for spreading ransomware: More than half of the U.S. attacks originated with email. Germany (61 percent) and the United States (59 percent) both see the highest level of ingress for ransomware through email, either through email attachments or malicious links in email messages. Email is much less common in the United Kingdom as an entry point for ransomware (39 percent) and in Canada (30 percent).
  • Upper management and C-Level executives are at a higher risk: 4 percent of U.S. respondents noted ransomware attacks impacted mid level managers or higher, with 25 percent of incidents attacking senior executives and the C-Suite.
  • Cybercriminals held high value data for ransom: Nearly 80 percent of the U.S. organizations breached had high-value data held for ransom.
  • Attacks are impacting more than initial endpoints: More than 40 percent of ransomware attacks in all four countries were successful in impacting more than a single endpoint, with nearly 10 percent of the attacks affecting more than one-quarter of the endpoints in the business.
  • Security organizations are not confident in their defenses: Decision makers in US organizations have a relatively low level of confidence in their ability to effectively stop ransomware and are less confident about ransomware prevention than their counterparts in Canada, Germany and the United Kingdom. 96 percent of U.S. organizations aren’t very confident in their ability to stop ransomware.
  • Current enterprise security measures are weak against ransomware: Almost half of ransomware incidents in the U.S. occurred on a corporate desktop within the enterprise security environment.
  • Ransomware remediation takes hours: 44 percent of attacks on US companies forced IT staff to work more than nine hours to remediate the incident. Globally, the figure is 63 percent of incidents that took more than nine hours to remediate.

To address this issue head on, Malwarebytes also announced today, new anti-ransomware additions to Malwarebytes Endpoint Security, an innovative platform that delivers powerful multi-layered defense for smart endpoint protection against malware, and ransomware. Later this month, Endpoint Security platform customers will have access to signature-less behavioral monitoring technology that automatically detects and blocks both known and unknown ransomware, greatly reducing vulnerability to these attacks.

“The results from this survey further emphasize that any business in any region is incredibly vulnerable to ransomware,” said Marcin Kleczynski, CEO of Malwarebytes. “Cybercriminals are increasing their use of ransomware in their attack strategies globally, causing business disruption, loss of files and wasted IT man-hours. In order to stay safe, businesses must invest heavily in both employee education and technology. We are thrilled to be able to give companies a solution that can thoroughly protect them against ransomware threats.”

Osterman Research will be presenting a webinar on the study findings on Wednesday, August 10th. To register for the webinar, visit

To view the full State of Ransomware, visit

About Malwarebytes

Malwarebytes protects consumers and businesses against dangerous threats such as malware, ransomware, and exploits that escape detection by traditional antivirus solutions. Malwarebytes Anti-Malware, the company’s flagship product, has a highly advanced heuristic detection engine that removed more than five billion malicious threats from computers worldwide. More than 10,000 SMBs and enterprise businesses worldwide trust Malwarebytes to protect their data. Founded in 2008, the company is headquartered in California with offices in Europe, and a global team of researchers and experts. For more information, please visit us at

Malwarebytes reflects the operating philosophy of its founder and CEO Marcin Kleczynski: to create the best disinfection and protection solutions to combat the world’s most harmful Internet threats. Marcin was recently named “CEO of the Year” in the Global Excellence awards and has been named to the 2015 Forbes 30 Under 30 Rising Stars of Enterprise Technology list and the Silicon Valley Business Journal’s 40 Under 40 award, adding those to a 2014 Ernst & Young Entrepreneur of the Year Award.


Follow us on Facebook:

Follow us on Twitter: @malwarebytes

Follow us on LinkedIn:

See us on YouTube:

Read our latest Malwarebytes Labs blog:

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.