A study released this morning from Malwarebytes finds that, "nearly 80 percent of organizations have been the victim of a cyber attack during the past 12 months and nearly 50 percent have been the victim of a ransomware attack".
Their findings, alongside research from Osterman Research, were published in a month-long study titled "State of Ransomware 2016" with data from 540 companies in the U.S., Canada, the U.K. and Germany.
Ransomware attacks were found to be especially worse in the United Kingdom, with 54% of companies suffering an attack, versus 47% in the United States.
"Four out of five of the US organizations surveyed have suffered a security attack during the previous 12 months... More than one-quarter of those attacked have experienced more than 20 security attacks during the past year," the study states.
Although 40% of ransomware victims overall decided to pay the fee, surprisingly, 97% of U.S. companies chose not to. This is a drastic contrast to Canada, who paid the ransom 75% of the time.
Also interesting is the fact that even though the U.S. decided not to pay the ransom most of the time, they also had the lowest amount of confidence in stopping ransomware attacks. The U.S. had the highest number of "not very confident at all" responses to in their "confidence in the ability to stop ransomware", as well as the lowest number of "very confident responses" compared to the other countries surveyed.
Interestingly, overall only 28% of participants lost their files after refusing to pay the ransom; in Canada this number jumps to 82% even though they have the highest rate of paying the hackers. In Germany, only 11% of companies lost their files after refusing to pay.
To participate in the study, representatives had to be knowledgeable about their company's security practices, as well as be an IT director, CISO, or another related position.
Healthcare and financial services were found to be much more heavily targeted by ransomware attackers.