Anti-malware firm Malwarebytes released a new report covering ransomware attacks up to the end of November 2017. Ransomware attacks increased by 62%, because criminal gangs and cybercriminals use them to make money quickly. Since September 2015, ransomware attacks increase by 1988.6% and will most likely continue to increase.
According to Malwarebytes, the actual number of ransomware attacks is likely far higher. The reported number is not correct because many businesses do not report ransomware attacks to avoid potential reputational damage. Attacked entities choose to pay the ransom quietly and get back their data.
Malwarebytes also reported the increase of 23% year over year in average monthly cyberattacks on businesses. In the U.S., 21% of surveyed businesses claim they had no cyberattacks in the last 12 months. Malwarebytes takes into consideration the fact that many businesses do not actually know they had been attacked. That’s why there are significant discrepancies between different surveys. The PwC report showed 74% of businesses claim they had no cyberattacks last year. Compare that to Malwarebytes’ report which gave lower statistics after surveying IT manager, CIOs and CISOs. Clearly, even though there are cyberattacks, they are not reported to the C-suite so that the threat level is underestimated.
There also seemed to be a pattern that some businesses are more heavily targeted. 41% of businesses had 1 to 5 attacks. 10% had 6 to 10 attacks. 5% had 11 to 20 attacks and 22% had over 20 attacks last year. The number of cyberattacks right now is at such an alarming state yet many businesses ignore the threat and do not implement adequate defenses to fight attacks.
Cybercrime awareness needs to improve if businesses are to be ready to stop an attack, even allocate funds to mitigate the cybersecurity threat. Malwarebytes recommends elevating cybercrime from a tech issue to a critical business issue. Just consider how much damage serious cyberattacks can cause. Businesses should be ready to share knowledge and be transparent enough not to conceal attacks. Only then could proactive steps in implementing strong defenses is possible to fight back cybercriminals.