Abstract

This study looks at the experiences of organizations that have fallen victim to ransomware attacks. Using quantitative and qualitative data of 55 ransomware cases drawn from 50 organizations in the UK and North America, we assessed the severity of the crypto-ransomware attacks experienced and looked at various factors to test if they had an influence on the degree of severity. An organization’s size was found to have no effect on the degree of severity of the attack, but the sector was found to be relevant, with private sector organizations feeling the pain much more severely than those in the public sector. Moreover, an organization’s security posture influences the degree of severity of a ransomware attack. We did not find that the attack target (i.e. human or machine) or the crypto-ransomware propagation class had any significant bearing on the severity of the outcome, but attacks that were purposefully directed at specific victims wreaked more damage than opportunistic ones.

Details

Title
An empirical study of ransomware attacks on organizations: an assessment of severity and salient factors affecting vulnerability
Author
Connolly, Lena Yuryna 1 ; Wall, David S 1 ; Lang, Michael 2 ; Oddson, Bruce 3 

 Department of Computer Science, University of Bradford, Bradford, BD7 1DP 
 School of Business and Economics, National University of Ireland Galway, Galway, Ireland 
 School of Human Kinetics, Laurentian University, Sudbury, ON P3E 2C6, Canada 
Publication year
2020
Publication date
2020
Publisher
Oxford University Press
ISSN
20572085
e-ISSN
20572093
Source type
Scholarly Journal
Language of publication
English
DOI
https://doi.org/10.1093/cybsec/tyaa023
ProQuest document ID
3169766399
Copyright
© The Author(s) 2020. Published by Oxford University Press. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.