CRA State of Ransomware Study: Invest Now or Pay Later

Discussion Topics

Findings from a January 2022 Research Study

Ransomware attacks continue at a blistering pace because organizations remain vulnerable to the exploits bad actors use. Many victims are paying ransom, and despite efforts to bolster defenses, many continue to struggle at detection and response.

The data and insights in this report are based on a survey conducted in January 2022 among 300 IT and cybersecurity decision-makers and influencers. All were in the United States except for 1% from Canada, with respondents drawn from organizations of all sizes and industries. 

Among the study’s key findings:

  • Forty-three percent of respondents suffered at least one ransomware attack during the past two years. Among them, 58% paid a ransom, 29% found their stolen data on the dark web, and 44% suffered financial losses.
  • Thirty-seven percent said they lack an adequate security budget, while 32% believe they’re powerless to prevent ransomware attacks because threat actors are too well-funded and sophisticated.
  • Remote workers and cloud platforms/apps were the three most common attack vectors:
    • Remote worker endpoint (36%)
    • Cloud infrastructure/platform (35%)
    • Cloud app (SaaS): 32%
    • Trusted third-party (25%)
    • DNS (25%)
    • Software supply chain provider/vendor (24%)
  • Exploitable vulnerabilities accounted for the most common initial infection point (63%), followed by privilege escalation (33%), credential exfiltration (32%), and averse mapped shares (27%).
  • Respondents are most concerned about losing access to their org’s sensitive data (70%); Stolen data being sold on the dark web (58%); ransomware gangs gaining privileged access and/or controlling directory services (53%).
  • Companies are not taking the threat lying down: 62% will increase ransomware protection spending.

How are attackers getting in? It has a lot to do with current work and cloud computing trends. Thirty-five percent of respondents report that ransomware attacks exploited remote workers. Among the various vectors were cloud infrastructure and platform services (35%), and cloud applications (32%). Other methods, such as DNS, software supply chain, third-party partners, and on-premises endpoints were also mentioned.

CRA State of Ransomware Study: Invest Now or Pay Later


Attivo NetworkseSentireMenlo Security