A new global ransomware survey by OpenText has revealed a worrying surge in ransomware attacks, particularly those originating from software supply chains and those empowered by artificial intelligence (AI).

The 2024 Global Ransomware Survey paints a grim picture, with 90 per cent of respondents in the country reporting they were impacted by a ransomware attack originating from a software supply chain partner in the past year.

The survey highlights the growing sophistication and reach of these attacks. A significant 62 per cent of respondents globally were affected by ransomware attacks linked to their software supply chains. As many as 95 per cent of respondents expressed concerns about attacks on downstream partners. The fear is palpable, with 76 per cent of respondents considering changing vendors due to recent high-profile breaches.

Muhi Majzoub, Executive Vice-President and Chief Product Officer, OpenText, stressed the need for proactive defence against these sophisticated threats. “Businesses must proactively defend against sophisticated threats like supply chain vulnerabilities and AI-driven attacks, while ensuring resilience through data back-ups and response plans to avoid empowering the very criminals seeking to exploit them,” he said. 

Ransomware attacks have become alarmingly common, with 90 per cent of companies surveyed experiencing at least one attack in the past year. Small- and medium-sized businesses (SMBs) have been tough hit.

Shockingly, 72 per cent of those attacked chose to pay the ransom, often amounting to millions of dollars. Half of their ransom payments were between $1 million and $10 million. 

AI misuse

The use of AI by cybercriminals has further exacerbated the problem, leading to a significant rise in phishing attempts, as noted by 71 per cent of respondents. This has amplified concerns about ransomware vulnerability, with 69 per cent believing their companies are more at risk due to AI misuse.

In response to the escalating threat, organisations are ramping up investments in cloud security and employee training. Seventy six per cent of respondents indicated their companies are prioritising cloud security, while 96 per cent mandate security awareness and phishing training for employees.

OpenText Cybersecurity surveyed 1,781 C-level executives, security professionals, and security and technical directors from SMBs and enterprises in the US, the UK, Australia, France, Germany and India from August 23 to September 10.