Average ransomware payment for Canadian firms hits $450,000

The average ransom paid by Canadian organizations was more than $450,000 (CDN), according to a survey of firms by Palo Alto Networks.

The survey of IT decision-makers at companies with between 100 and 1,000 employees, was conducted in September for the vendor by an independent market research firm. It found on average victims paid just over $458,200.

Fifty-five per cent of respondents said their organization has been the victim of a ransomware attack, with one in five (20 per cent) saying they have been attacked more than once.

Of the organizations hit by ransomware, a majority (58 per cent) said their organization paid a ransom, with 14 per cent saying their organization paid more than once.

Palo Alto Networks’ Unit 42 security consulting group found that the Conti ransomware gang has been the most active this year in posting data stolen from Canadian organizations on leak sites, with 31 victims up to September.

In total 112 Canadian organizations were named on the data leak sites of 27 ransomware gangs. Of those victims, 43 were in Ontario, 38 in Quebec and 17 in B.C.

Data leak sites are places on the dark web where ransomware gangs post examples of the data they have stolen as proof of a successful attack.

“Ransomware gangs are not discriminating against the size or type of business they’re targeting, so all Canadian organizations must be prepared,” said Ivan Orsanic, regional vice-president and Canada country manager at Palo Alto Networks. “Stopping ransomware attacks requires businesses to be proactive and have the right security strategy in place to prevent attacks, and to lessen the impact of an attack and speed up recovery if breached.”

Recovery is not quick

While 41 per cent of businesses hit with a ransomware attack were able to recover within a month, according to the study, more than half (58 per cent) said it took more than a month to recover; 29 per cent said it took more than three months; and nine per cent said it took more than five to six months.

Preparation is key to not only preventing an attack but also helping to minimize the impact of a successful attack, says Palo Alto Networks. For example, Canadian organizations that recover quickly are ones that generally didn’t have to pay a ransom. The survey found that nearly half of Canadian organizations (46 per cent) that didn’t pay a ransom were able to recover from an attack within a week, which suggests these were organizations that were prepared and had backup systems in place. Another possibility, the company admits, is that the attack wasn’t severe enough to warrant paying.

The survey also suggested there’s is a significant gap in knowledge between executive
leaders/executive decision-makers and managers on the volume and severity of ransomware attacks against their organizations.

For example, only 23 per cent of managers (the report calls them directors or people leaders) were aware their organizations had been hit by a ransomware attack, compared to 57 per cent of executive leaders.

Managers were more optimistic with the recovery time of a ransomware attack, with just under a quarter believing their organization recovered within 48 hours, more than twice the percentage of executive leaders who believed the same (11 per cent).


The recommendations in the report to help IT departments reduce the risk of being hit by ransomware include:

Gain full visibility and block unknown traffic: Identify all traffic on the network and block unknown, potentially high-risk traffic;
Enforce application- and user-based controls: Restrict access to tools for employees who have no business need for them;
Block all dangerous file types: Not all file types are malicious, but those known to present higher risk, or associated with recent attacks, can be controlled.

The Angus Reid market research firm, which conducted the study, said it has a margin of error of plus or minus three points.

Click here to read the full survey.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.