The number of ransomware attacks targeting companies increased threefold from January to September, affecting one in every five businesses worldwide.
According to a new report from security company Kaspersky Lab, the rate of ransomware attacks against businesses increased from one every two minutes to one every 40 seconds during that period. For consumers it was even worse, with the rate reaching one attack every 10 seconds in September.
During the third quarter of the year, there were 32,091 new ransomware variations detected by Kaspersky Lab compared to only 2,900 during the first quarter. Overall, 62 new ransomware families appeared this year, the company said.
This shows the interest that cybercriminals have in this type of malware and highlights its continued success, despite actions by law enforcement agencies and free decryption tools released by researchers and security companies.
Kaspersky's research revealed that small and medium-size businesses were hit the hardest, 42 percent of them falling victim to a ransomware attack over the past 12 months. Of those, one in three paid the ransom, but one in five never got their files back, despite paying.
Overall, 67 percent of companies affected by ransomware lost part or all of their corporate data and one in four victims spent several weeks trying to restore access, the Kaspersky researchers said.
The most successful ransomware program this year was CTB-Locker, accounting for 25 percent of all affected users. Next on the list was Locky with 7 percent and TeslaCrypt with 6.5 percent, even though this ransomware family was only active until May.
Ransomware attacks have become more targeted, attackers crafting their spear-phishing and social engineering attacks for specific organizations or industry segments that are more likely to be affected by a lack of data availability.
Employee IT security training remains very important in preventing ransomware attacks. According to Kaspersky, one in five incidents that resulted in significant data loss were caused by employee carelessness or lack of security awareness.
Companies should back up data regularly, use reliable endpoint security solutions, keep the software installed on their systems up to date, restrict access to sensitive data and educate their employees and IT teams about ransomware risks.
In they become victims, companies should check the No More Ransom website set up by security companies to check if there's a decryption tool available that could help them get their files back. They should also report incidents to their local law enforcement immediately, the Kaspersky researchers said.
The security vendor advises companies not to pay the ransom, because this can make them an even bigger target and increases the chance that the next ransom will be higher. It also encourages cybercriminals and might not result in the recovery of the affected files.
Sign up for Computerworld eNewsletters.