December 8, 2023 The average ransomware payment made by mid-sized Canadian companies this year was just over $1 million, according to a new survey.

The survey of IT professionals at 1,000 organizations with between 100 and 1,000 employees, done for Palo Alto Networks, was released Thursday.

Called the Canadian Ransomware Barometer, it found that while the volume of ransomware attacks here had decreased since the last study two years ago, the average ransom paid was $1.13 million. That’s a 150 per cent increase over 2021.

Of the majority of businesses that paid ransoms, just over half paid more than $500,000. By comparison, only 29 per cent paid over that amount in 2021.

The number of respondents saying their firm was hit by ransomware stayed roughly the same — 35 per cent this year, compared to 37 per cent in 2021.

However, the number of organizations willing to pay ransoms dropped. Of those hit this year, only 34 per cent of respondents said their organization paid to get access to data back. By comparison, 45 per cent of respondents in the 2021 survey said their firm paid.

As with the previous study, more than half of respondents (58 per cent) said that it took
more than a month to recover from a ransomware attack. One-quarter (24 per cent) said that it took longer than four months.

The report offers these tips to defend against ransomware attacks:

— train staff that if they think a phishing email has arrived in their inbox, it must be reported;
— ensure all software and hardware have the latest patches;
— have a solid and tested data backup and recovery plan.

The post Canadian mid-sized firms pay an average $1.13 million to ransomware gangs first appeared on IT World Canada.