Ransomware Revealed: Paying for the Protection of your Privacy

A study into understanding how North American employees perceive ransomware and potential reasons why ransomware attacks are drastically on the rise

One thing that has always been certain about why cybercriminals construct threat attacks is that they result in some degree of financial gain. Whether it is as simple as a phishing scam touting users to click on a convincing hyperlink or a sophisticated targeted attack on banks where ATMs dispense thousands of dollars in cash, the bottom line for many cyber malefactors is always the same: money.

While this is true of all cyberattacks, ransomware has become an increasingly popular attack strategy and is considered to be the most financially devastating attack vector for business organizations across all sizes and industries. In 2019, 43% of enterprises were targeted by ransomware attacks resulting in an average financial loss of $1.46 million.

Everyday users are not outside of cybercriminals’ target range either. Our experts observed 900,000 to 1.2 million of all users are targeted by ransomware every 6 months. Additionally, an EMSISOFT report found that ransomware attacks impacted at least 966 government agencies, educational establishments and healthcare providers last year, with ransom amounts averaging about $1 million reaching up to over $5 million.

Given these staggering numbers, it is clear that the popularity of ransomware will continue to grow, and businesses must prepare all employees – from their IT teams to their entry level staff – on how to spot ransomware attacks and the immediate best actions to take if breached.

Who is responsible?

We commissioned a survey on the awareness and perception of ransomware attacks in businesses across North America (the U.S. and Canada). The data found that on average, 45% of respondents would not know what steps to take in response to a ransomware attack, meaning their overall awareness level of this specific type of attack is limited at best.

When it comes to who should be held responsible for preventing such attacks from occurring, 68% of respondents agree that IT security should be most responsible for safeguarding private employee information.

How much do you value your data?

Since ransomware is a financially motivated attack, it begs the question of how much money businesses are willing to pay for their private information that is being held at ransom. In North America, 67% of respondents would not be willing to pay anything to recover personal digital files or devices they could no longer access if they fell victim to a ransomware attack.

For those who think the ransom should be paid in an attempt to conceal private information, 39% of respondents think that their business organization should be responsible for paying the ransom. Personal information was a top priority for employees to recover? 45% and 42% of employees in the U.S. and Canada were most concerned with recovering their social security numbers, with customer and employee banking details taking second and third place.

Tips, tricks and best practices for preventing ransomware.

Businesses and employees can do their part in minimizing ransomware attacks by following a few essential guidelines:

  • Install all security updates as soon as they appear. Most cyberattacks exploit vulnerabilities that have already been reported and addressed, so installing the latest security updates lowers the chances of an attack.
  • Protect remote access to corporate networks by VPN and use secure passwords for domain accounts.
  • Remember that ransomware is a criminal offence, and you shouldn’t pay a ransom. If you become a victim, report it to your local law enforcement agency. Additionally, local a free decryptor here: https://noransom.kaspersky.com.
  • Educate employees about cybersecurity hygiene to prevent attacks from happening. Kaspersky Interactive Protection Simulation Games offers a special scenario that focuses on threats relevant to local public administration.
  • Use a reliable such as Kaspersky Endpoint Security for Business or Kaspersky Security Cloud to protect devices not only from ransomware, but a huge range of other threats. Use Kaspersky Anti-Ransomware Tool for Business which is free and can be installed alongside your existing security solutions.

For more survey results and to download the full report please visit, Ransomware Revealed: Paying for the Protection of your Privacy.

Follow the conversation on social media with the hashtag #RansomwareRevealed.