Ransomware Has Struck One-Third Of All Organizations: IDC

The research firm says ransomware attacks or breaches have hit one in three organizations worldwide over the past year.

In the past 12 months alone, more than one third of all organizations globally have faced some variety of ransomware incident—with it “not uncommon” for multiple ransomware events to strike an organization, according to a survey by IDC.

The research firm disclosed the findings in the wake of a ransomware attack on global solution provider Accenture that was revealed on Wednesday, and following the massive ransomware attack on IT management software firm Kaseya in July.

[Related: Ransomware Group Demanding $50M In Accenture Security Breach: Cyber Firm]

In the IDC survey, more than one third of organization reported that they’ve experienced a ransomware incident—an attack or breach—which prevented access to data or systems during the last 12 months.

For the ransomware victims, it is “not uncommon to have experienced multiple ransomware events,” IDC said in a news release.

Organizations in the U.S. have fared comparatively better to the rest of the world, IDC reported. Only 7 percent of U.S.-based companies have been hit by ransomware during the past year, compared to the global rate of 37 percent, the research firm said.

Notably, just 13 percent of ransomware victims said they did not pay a ransom, according to the survey. The average ransom payment was nearly $250,000, though IDC pointed out that several large ransom payments did skew the average.

While not mentioned in the IDC report, vendors and solution providers in the IT industry have been among the highest-profile targets for ransomware groups in recent months.

In the Accenture attack, a hacker group is reportedly demanding $50 million in exchange for 6 TB of data. Accenture referred CRN to a statement provided on Wednesday saying that it “contained the matter and isolated the affected servers” and that “there was no impact on Accenture’s operations, or on our clients’ systems.”

IT service providers have “become more attractive targets, because by virtue of compromising a service provider, you have a method of ingress into an awful lot of private industry networks,” said Douglas Grosfield, founder and CEO of Kitchener, Ontario-based Five Nines IT Solutions, in an interview with CRN. “I would think we’re going to see this kind of behavior happen more and more—as they test the waters and see if there are cracks in the foundation of the security architecture at service providers.”

In the July attack on Kaseya, ransomware operator REvil demanded $70 million demand to decrypt victim files. Kaseya later said it obtained a decryptor for the ransomware, but did not pay the ransom.

Among industries, the highest incident rates for ransomware were found in the manufacturing and finance industries, IDC reported. Transportation, communication, utilities and media saw ransomware attacks at the lowest rates.

In June, the Darkside ransomware gang broke into the Colonial Pipeline systems through an inactive account that didn’t use multifactor authentication, according to a consultant who investigated the attack. The ransomware attack prompted Colonial to shut down its 5,500-mile natural gas pipeline for five days, resulting in more than 10,000 gas stations across the Southeastern United States being out of fuel.