Abstract

This study looks at the experiences of organizations that have fallen victim to ransomware attacks. Using quantitative and qualitative data of 55 ransomware cases drawn from 50 organizations in the UK and North America, we assessed the severity of the crypto-ransomware attacks experienced and looked at various factors to test if they had an influence on the degree of severity. An organization’s size was found to have no effect on the degree of severity of the attack, but the sector was found to be relevant, with private sector organizations feeling the pain much more severely than those in the public sector. Moreover, an organization’s security posture influences the degree of severity of a ransomware attack. We did not find that the attack target (i.e. human or machine) or the crypto-ransomware propagation class had any significant bearing on the severity of the outcome, but attacks that were purposefully directed at specific victims wreaked more damage than opportunistic ones.

中文翻译：

---

对组织的勒索软件攻击的实证研究：评估影响脆弱性的严重性和显着性因素

摘要

这项研究着眼于成为勒索软件攻击受害者的组织的经验。我们使用了来自英国和北美50个组织的55个勒索软件案例的定量和定性数据，我们评估了所经历的加密勒索软件攻击的严重性，并研究了各种因素以测试它们是否对严重性产生影响。发现一个组织的规模对攻击的严重程度没有影响，但是发现该部门是相关的，私营部门的组织比公共部门的组织遭受的痛苦要严重得多。此外，组织的安全状况会影响勒索软件攻击的严重程度。我们没有发现攻击目标（即