ExtraHop report: 85% of businesses have suffered a ransomware incident in the last five years, 72% have paid a ransom


SEATTLE–(BUSINESS WIRE)– The ExtraHop Cyber Trust Index 2022 report on the ransomware attack landscape shows that IT organizations, no matter how adept at managing the dramatic changes of the last few years, still have more confidence than their actual security posture warrants.

Conducted by Wakefield Research, the survey found that 77% of IT decision makers (ITDMs) are very or completely confident in their organization’s ability to prevent or mitigate cybersecurity threats. Despite this confidence, 64% admit that half (or more) of their cybersecurity incidents are the result of their own outdated IT security posture, including widespread use of insecure and outdated protocols and a growing number of unmanaged devices. This overconfidence is even more dangerous given the prevalence of ransomware attacks – 85% said they had experienced at least one ransomware attack, and 74% said they had experienced multiple incidents in the past five years.

Other important results of the survey are:

  • The cost of ransomware is high: 72% of respondents admitted to having paid a ransom at some point, while 42% of companies that suffered a ransomware attack said they paid the ransom demanded most or all of the time.
  • Damage to business: Ransomware attacks affect the entire organization. 51% of respondents reported business outages due to attacks on IT infrastructure, 44% reported business outages due to attacks on OT infrastructure such as medical equipment and factory automation systems, and 46% reported end-user outages due to attacks on users.
  • Everyone is looking for better insights, data and collaboration: When asked about their top challenges, 43% cited a lack of collaboration between their network, security, and cloud operations teams. Additionally, 40% cited a lack of investment, 39% the long time it takes to train new employees, and 35% cited inadequate or overlapping tools.
  • WFH with outdated protocols: Despite the move to remote work, 69% of respondents reported transferring sensitive data over unencrypted HTTP connections instead of more secure HTTPS connections. Another 68% still use SMBv1, the protocol exploited in large-scale attacks like WannaCry and NotPetya, which caused more than $1 billion in damages worldwide.
  • Organizations are anything but transparent: While two-thirds (66%) of respondents agreed that disclosing attacks was a good thing, only 39% said they were completely open about attacks and willing to make information publicly available if they did happen.
  • Slow response times to critical vulnerabilities: When it comes to responding to critical vulnerabilities by installing patches or shutting down a vulnerable solution, response times vary. Only 26% respond in less than a day – probably fast enough to prevent most attacks, while 39% take one to three days, 24% up to a week and 8% up to a month.

“This study underscores the disconnects between the reality of today’s sophisticated attack landscape and the overconfidence many business leaders have in their ability to withstand an attack,” said Jeff Costlow, CISO at ExtraHop. “Defenders need tools that can track attacker activity across cloud, on-premises, and remote environments so they can identify and stop an attack before it can compromise the organization.”

This study shows that while organizations continue to innovate with cloud technologies and remote workforces, their IT infrastructures are mired in the past, with outdated protocols constantly providing attackers with opportunities to infiltrate networks and launch ransomware attacks. A lack of transparency and effective use of data has also contributed to companies struggling to identify vulnerabilities and prevent ongoing ransomware attacks. To address these challenges, organizations should look to ransomware mitigation tools that can capture network communications across all devices, and use technologies such as behavioral analysis and artificial intelligence to detect behaviors that indicate an ongoing ransomware attack. By using a network detection and response platform such as Reveal(x) 360 by ExtraHop, defenders can detect and stop ransomware attackers’ lateral movement and other post-compromise activities before they do any real damage.


The survey of 500 security and IT decision makers in the US, UK, France and Germany was conducted by Wakefield Research and sponsored by ExtraHop. Respondents came from a variety of industries, including financial services, healthcare, manufacturing, and retail, and worked at companies of various sizes, including those with annual sales in excess of $50 million. About half of the participants were from the USA, with the rest from Great Britain, France and Germany.

About ExtraHop

Cyber attackers have an advantage. ExtraHop is dedicated to helping you retake it with security that cannot be subverted, outsmarted, or compromised. Our dynamic cyber defense platform Reveal(x) 360 helps organizations detect and respond to advanced threats – before they endanger your business. We apply cloud-scale AI to petabytes of traffic per day, performing line-rate decoding and behavioral analysis across all infrastructure, workloads and data-in-flight. With ExtraHop’s complete visibility, organizations can spot malicious behavior, hunt down advanced threats, and forensically investigate any incident with confidence. ExtraHop has been recognized as a leader in Network Detection and Response by IDC, Gartner, Forbes, SC Media and many others.

Learn more at www.extrahop.com.

© 2022 ExtraHop Networks, Inc., Reveal(x), Reveal(x) 360, Reveal(x) Enterprise, and ExtraHop are registered trademarks or trademarks of ExtraHop Networks, Inc.
