Who is Affected by Ransomware the Most & Why

Today, unfortunately, isn't any different than yesterday or any other day in the recent months when it comes to malicious threats like Ransomware. However, ransomware has evolved over the past few years to attack specific entities aggressively, and now we have a better understanding of who gets attacked the most and why.

Data collected by Symantec last year (2017) gave us yet another glimpse into who specifically ransomware is attacking the most, which uncovers many industrial sectors being ones who have succumb to countless ransomware attacks. Moreover, data collected by Datto reveals that human negligence is the main reason as to why ransomware can attack certain entities.

Simply put, due to the primary methods that ransomware can spread, people are opening up malicious spam email attachments and infecting their companies or personal computers. It's hard for some to fathom that by opening what appears to be a harmless attachment on an email could be the root cause for destruction on a system where ransomware may infiltrate a computer and encrypt several files leaving the system fundamentally useless. Furthermore, ransomware will continually hold an infected computer for a ransom fee, which is where 'ransomware' gets its name.

Ransomware, as you may know, is a malicious type of software that is designed first to encrypt files on an infected computer and then demand substantial payment, usually in untraceable Bitcoin, to release the encrypted files from being held hostage. Most ransomware is known to spread through spam or phishing email attachments, which may be disguised as legitimate emails and appear to contain harmless file attachments.

Through our many years of examining and combating some of the most egregious types of malware in existence, ransomware continues to rank amongst the most dangerous. Our data has shown us time and time again that industrial sectors have been the most attacked by ransomware all spawned from spam and phishing emails. Now, with data from Symantec and Datto, demonstrated in the statista chart below, we have a clear picture of what specific types of global industries are most affected by ransomware and the main reasons why.

Statista chart of who is affected by ransomware and why - Data sources: Symantec and Datto

The statista chart above, compiling data collected through September 2016, shows how general services within the industrial landscape ranks the highest for being attacked by ransomware at 38% followed by manufacturing industries at 17% and then public administration and finance, insurance & real estate, all tied at 10%. As for the leading causes of ransomware infections within those same industries, spam/phishing emails ranks as being the highest culprit at 46% followed by lack of employee training at 36%. After that, malicious websites/web ads come in at 12%. As a disclaimer rooting from our personal experience and recovery of our customer's data, lack of employee training mostly coincides with the opening of spam/phishing emails. To put it candidly, lack of employee training by not explaining how the opening of spam email attachments and how to identify such malicious messages is an inherent problem that may skew the findings of Symantec and Datto. Such may be revealed when you compare both the spam/phishing emails percentage and lack of employee training percentage as the primary causes of ransomware infections.