Canadian firms pay for ransomed data: Study
Malwarebytes analyst says health-care industry is a top target for ransomware
A new report has revealed dozens of Canadian organizations were forced to pay attackers over the past year to regain access to computer files and IT systems infected with ransomware.
The finding is part of an international study conducted on behalf of a Silicon Valley company that fights ransomware, which typically locks legitimate users out of a system and sends a message requiring payment to get a software code or key.
The study, published by Malwarebytes, found 44 of the 125 Canadian respondents, all anonymous, reported having a ransomware attack on their organization in the previous 12 months. A majority of the victims, 33 of the respondents, said they’d paid ransoms with costs ranging from $1,000 to $50,000.
The study also found that 11 of the 44 organizations targeted by ransomware had to shut down their business for a period of time to deal with the attack and devote an average of nine person-hours to recover.
Five of the victim respondents, all identified as working in the health-care industry, said they believed lives were at risk.
“The decision to pay, especially in Canada, is directly linked to the risk of businesses getting shutdown and lives being lost as a result of a ransomware attack,” Jerome Segura, a Malwarebytes analyst, said in an email exchange.
“Results from the survey show that health care is one of the most targeted industries among those affected by ransomware.
“Nowadays, most patients’ records are digital and access to those is required for treatment procedures. Obviously, the equipment used by medical facilities is also dependent on data stored on computers.”
The Canadian findings were part of an international study of 540 people in four countries — Canada, the United States, the United Kingdom and Germany — who are employed as chief information officer, chief information security officer or information technology director.
An advance copy was provided to The Canadian Press and released generally on Wednesday.
Surveys of such small samples aren’t considered statistically accurate enough to make precise comparison.
However, Malwarebytes concludes that firms in Canada were the most likely to indicate they’d paid ransom demands once infected.