The word “ransomware” can make anyone cringe—especially business owners. Almost everyone has seen headlines and stories across the web about companies whose data has been held hostage and won’t be returned until a ridiculous payout is handed over to criminals.

Unfortunately, these types of attacks won’t be going away anytime soon. At this point, it’s all about being proactive. Instead of being fearful and paranoid of an attack, companies must gain the peace of mind of knowing that their network is protected with the right antivirus software, firewall and backup recovery system.

Below are 15 mind-blowing stats on ransomware from 2017 that help put into perspective how these infections are evolving to become a top threat to businesses worldwide.

A company is faced with ransomware every 40 seconds.  

Source: Kaspersky Security Bulletin 2016

The number of attacks on businesses has tripled over the past year. During Q1 2017, it was once every 2 minutes—which was already scary enough.

6 in 10 malware payloads were ransomware during Q1 of 2017.

Source: Malwarebytes

Ransomware is the hottest trend among attackers right now, and they show no signs of slowing down. Why would they? The black market economy behind ransomware is absolutely flourishing.  

Until companies have better security measures in place, attackers will just keep on siphoning money the easy way.

There were 4.3x more new strains of ransomware in Q1 2017 than in Q1 2016.

Source: Proofpoint Q1 2017 Quarterly Threat Report

As more and more criminals flock to ransomware, competition is breeding innovative strains of the infection, making it difficult for companies to prepare for attacks.  

Ransomware has attacked 15% or more of businesses in the top 10 industry sectors.

Source: Kaspersky Security Bulletin 2016

23% – Education

22% – IT/Telecoms

21% – Entertainment/Media

21% – Financial Services

19% – Construction

18% – Government/public sector/defence

18% – Manufacturing

17% – Transport

16% – Healthcare  

16% – Retail/Wholesale/Leisure

Needless to say, no industry is immune to an attack—from enterprises to small businesses.  

Over the last year, 48% of IT consultants have noticed a spike in ransomware-related support inquiries across customers in 22 different industries.

Source: Intermedia

Considering how prevalent attacks have become, it’s only a matter of time until cyber-crime becomes known simply as “crime.”

71% of businesses targeted by ransomware attacks have fallen victim.  

Hackers can tailor customized variants to their specific targets, quickly evading a company’s security system to encrypt files.  

Source: Barkly

75% of ransomware attacks spread to infect three or more employees.

Source: Intermedia  

All it takes is one distracted employee to click the wrong link for an infection to spread like wildfire from one employee to the next.

Almost half of all ransomware attacks infect at least 20 employees. 

Source: Intermedia  

If a business can’t stop the bleeding early on, ransomware can wreak havoc on an entire network.     

Phishing emails delivering ransomware dropped nearly 50% in Q1 in 2017.

Source: Proofpoint Q1 2017 Quarterly Threat Report

Since more users know how to recognize phishing emails, criminals are inventing alternative methods for delivering the infection, some of which don’t even require human interaction.

Two thirds of ransomware infections in Q1 2017 were transported via Remote Desktop Protocol (RDP).

Source: Webroot

Infecting targets via RDP has become quite popular. All an attacker has to do is spend a few minutes scanning the internet for open ports. Once they find one exposing RDP, they can wiggle their way past weak or default passwords to execute their plans.

The average ransom demand has increased to $1,077—which is more than 3x the average demand in 2015.

No company ever wants to dish out that kind of money for their own data. A payment like that might be just a bee sting to enterprise businesses, but for small business owners it’s a nightmare.

And with the average demand on the rise, required payments will only become heftier.

Here are some of the biggest ransomware attacks over the past 12 months:

    • $28,000 from Los Angeles Valley College
    • $21,000 from Madison County in Indiana
    • Demand of $70,000 from San Francisco Municipal Transportation Agency—which wasn’t paid

Source: Symantec 2017 Internet Security Threat Report

1 in 5 businesses that paid the ransom never recovered their files.

Source: Kaspersky Security Bulletin 2016

So, this is how it goes: if a company doesn’t pay the ransom, they’ll never see their files again. But, if a company does pay the ransom, there’s still a decent chance they’ll never see their files again.

Keeping the door open to attackers means that everything a business has worked towards may one day rest in the hands of a criminal.

70% of infected companies lost access to data for two days or more.

Source: Intermedia  

The longer a company isn’t able to access their data, the greater the impact is on their operations. A loss of business for even just a few days can take a huge chunk out of an organization’s bottom line.  

Each day without access usually results in anywhere from $5,000 to $20,000 in lost business and damages because of downtime.

Source: Intermedia  

During a ransomware attack, businesses sweat the possibility they may never again access valuable data. But to make things worse, they’re losing thousands of dollars as each day passes.  

Global ransomware damages are expected to exceed $5 billion in 2017—a 15x increase over just two years ago, and that excludes actual payments.

Source: Cybersecurity Ventures

As long as companies get the IT support they need to protect against ransomware, they can avoid becoming a statistic. As ransomware damages escalate and the number of businesses infected skyrockets, it’s best for owners to make the smart investment in managed IT support in 2018.