According to Symantec, only 47 percent of 2016 ransomware victims who paid up got their files back.

The U.S. suffered 34 percent of global ransomware infections last year – and it's no wonder why, with 64 percent of Americans willing to pay to retrieve their encrypted files, compared to just 34 percent of victims worldwide, according to the 2017 Internet Security Threat Report from Symantec.

And yet, paying the ransom doesn't guarantee a satisfactory resolution, as only 47 percent of global victims who paid up in 2016 reported getting their files back, the report noted.

Based on data accumulated from Symantec's Global Intelligence Network, antivirus ransomware detections increased by 36 percent from 2015 to 2016, from 340,000 instances to 463,000 – although many more attacks were blocked earlier in the infection process.

The number of new ransomware families discovered also jumped last year, from only 30 in 2015 to 101 in 2016. The number of new variants of existing ransomware, however, dipped. “It suggests that more attackers are opting to start with a clean slate by creating a new family of ransomware rather than tweaking existing families by creating new variants,” the report explains.

Ransomware infected machines operated by individual consumers 69 percent of the time, although Symantec noted that attackers are also developing more sophisticated attacks against businesses, silently penetrating their networks and moving laterally until they can encrypt multiple machines.

The price of ransom demands also skyrocketed, climbing 266 percent last year, from an average of $294 in 2015 to $1,077 in 2016. Symantec also reported evidence that ransomware attackers have begun customizing individual ransom demands based on the type and volume of data they have encrypted.

The growing threat of ransomware was further underscored by a second new research document, the 2017 Global Threat Intelligence Report from NTTSecurity, which found that 22 percent of all global incident engagements were related to ransomware, more than any other category of attack.

Of the ransomware attacks observed via NTTSecurity's intelligence network, 77 percent were concentrated among four industries – business and professional services (28 percent), government (19 percent), health care (15 percent), and retail (15 percent).

Half of all incidents affecting health care organizations involved ransomware. “This may indicate that attackers have identified health care institutions as a vulnerable target more willing to pay ransom than other sectors,” the report notes.

Neither report was limited exclusively to ransomware.

Noting the emergence of the Mirai IoT botnet in 2016, Symantec reported that the number of unique IP addresses targeting its honeypot almost doubled from January to December 2016, from 4.6 per hour to 8.8 per hour. The company also noted that the use of JavaScript downloaders and malicious macro downloaders in Microsoft Office files resulted in slightly over 7 million attempted infections last year. And while total data breach figures held steady, the number of identities stolen practically doubled from 2015 to 2016, from 563.8 to 1.1 billion.

Meanwhile, NTTSecurity reported that 73 percent of malware programs delivered to organizations in 2016 were the result of a phishing attack. Moreover, 30 percent of attacks detected worldwide targeted end-user technology such as Adobe products, Java and Microsoft Internet Explorer.