Ransomware gangs used to just infiltrate a single computer and encrypt its files, but now they go further, he said.

"Modern ransomware attacks have an attacker in the network, who spends time ... to understand where the most important data for the company is, where the virtual machines and the databases and everything else that are really driving the company's business," Olson said.

Then, attackers locate backups and find key data they can steal and use for extortion later.

"They spend all that time up front so they can execute the encryption routine, give the ransom note and apply maximum pressure," he said.

The extensive nature of the attacks means recovery is lengthy, because some companies find that all their backups have been encrypted, or that any they held offline are not up to date or will take a long time to restore, said Olson.

While 41 per cent of Olson's survey respondents whose businesses were hit with a ransomware attack were able to recover within a month, 58 per cent say it took more than a month to recover.

Almost 30 per cent say it took more than three months and nine per cent say it took more than five or six months.

The survey also found nearly half of organizations which didn’t pay a ransom were able to recover within a week, suggesting their companies were prepared for an attack or the attack wasn't severe enough to warrant paying.

Olson hopes releasing these findings will spur companies to take cybersecurity seriously, if they aren't already.

He said, "Organizations all over the world, including Canada, could do more to help ensure that their network won't be compromised."

This report by The Canadian Press was first published Dec. 8, 2021.

