In the past 12 months alone, more than one-third of all organisations globally have faced some variety of ransomware incidents, with it “not uncommon” for multiple ransomware events to strike an organisation, according to a survey by IDC.
The research firm disclosed the findings in the wake of a ransomware attack on global solution provider Accenture that was revealed on Thursday, and following the massive ransomware attack on IT management software firm Kaseya in July.
In the IDC survey, more than one-third of organisations reported that they have experienced a ransomware incident – an attack or breach – which prevented access to data or systems during the last 12 months.
For the ransomware victims, it is “not uncommon to have experienced multiple ransomware events,” IDC said in a news release.
The global rate of attacked organisations was 37 percent, the research firm said.
Notably, just 13 percent of ransomware victims said they did not pay a ransom, according to the survey. The average ransom payment was nearly $250,000, though IDC pointed out that several large ransom payments did skew the average.
While not mentioned in the IDC report, vendors and solution providers in the IT industry have been among the highest-profile targets for ransomware groups in recent months.
In the Accenture attack, a hacker group is reportedly demanding $50 million in exchange for 6 TB of data.
Accenture referred CRN US to a statement provided on Wednesday saying that it “contained the matter and isolated the affected servers” and that “there was no impact on Accenture’s operations, or on our clients’ systems.”
In the July attack on Kaseya, ransomware operator REvil demanded $70 million demand to decrypt victim files. Kaseya later said it obtained a decryptor for the ransomware but did not pay the ransom.
Among industries, the highest incident rates for ransomware were found in the manufacturing and finance industries, IDC reported. Transportation, communication, utilities and media saw ransomware attacks at the lowest rates.
In June, the Darkside ransomware gang broke into the Colonial Pipeline systems through an inactive account that didn’t use multifactor authentication, according to a consultant who investigated the attack.
The ransomware attack prompted Colonial to shut down its 5,500-mile natural gas pipeline for five days, resulting in more than 10,000 gas stations across the Southeastern United States being out of fuel.