Ransomware Threat Not Understood by 60% of Office Employees in the U.S.

According to Symantec, ransomware attacks are now being conducted at a rate of 4,000 a day, yet a recent survey has shown that six out of ten office workers in the United States are unaware of the ransomware threat.

The survey was conducted on more than 1,000 office workers in the United States by security firm Avecto. Questions were asked to determine the effectiveness of security awareness training programs, with a particular focus on current threats such as crypto-ransomware.

Ransomware is a form of malware that locks files with powerful encryption once it is loaded onto a computer or network, preventing files from being accessed. A ransom is then demanded to supply a key to decrypt the data. Without access to critical business files, companies are often left with no alternative but to give in to the attacker’s demands and pay the ransom to unlock their data.

The average ransom amount has almost doubled in the past 6 months from $294 at the end of 2015 to $679. That ransom amount is then multiplied by the number of devices affected. In large scale attacks, the ransom demand can be considerable. If an organization is infected, the attackers could simply name their price.

The lack of awareness of the ransomware threat means many businesses are exposed to a ransomware attack, especially considering 43% of ransomware infections occur as a result of the actions of office workers.

Those workers are commonly targeted using phishing and spear phishing emails and are tricked into installing ransomware on their networks. Ransomware is often disguised as invoices, purchase orders, or receipts. Malicious links are also used to spread infections. Users are then convinced to click the links – and download the ransomware – using social engineering techniques.

The survey showed that employers are failing to train employees effectively to counter the ransomware threat and safeguard employees’ safety online. 39% of respondents lacked confidence in the measures used by their employers to counter the growing number of cyber threats. 28% of respondents said that it is rare for them to receive security education, or that it is only provided after something has gone wrong.

According to Paul Kenyon, co-CEO at Avecto, “Ransomware is a very real threat to businesses and we need to do more to educate employees on the risk of attack from the internet, or even business applications that are used every day.” Kenyon went on to say, “Getting the basics right, and ensuring employees are well educated on the latest threats, is fundamental. Cyber security is a collective responsibility and we need to work together to stand up to cybercrime.”

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news