Antivirus Ineffective in Preventing Ransomware According to KnowBe4 Survey

Survey Showed 33 Percent of Respondents Experienced Ransomware Attacks; Reported an Average of 12 Hours of User Downtime

TAMPA BAY, Fla.--()--Concerned that ransomware continues its dominance as the most lucrative criminal business model in the history of malware, costing businesses upwards of $1 billion in 2016, KnowBe4 has released the findings of its newest research survey: The 2017 Endpoint Protection Ransomware Effectiveness Report.

KnowBe4, the provider of the most popular platform for security awareness training and simulated phishing, surveyed more than 500 organizations about the current state of their ransomware protection, whether they were a victim of ransomware, the impact of a successful breach and their remediation tactics. Their findings show that antivirus alone is not effective in preventing ransomware.

Out of the survey participants, there were shocking statistics from respondents around antivirus solutions’ inability to protect against ransomware:

  • 33 percent of respondents have experienced a ransomware attack in the past 12 months.
  • 53 percent of organizations that had deployed multiple solutions against ransomware still became victim to it.
  • 48 percent of the total number of respondents (72 percent) who had downloaded KnowBe4’s ransomware simulator, RanSim, were not able to detect the simulator’s behavior, despite their antivirus deployments.

“Ransomware is primarily delivered via a phishing email, which means your users have to be trained to identify it in order to prevent it, making antivirus ineffective at stopping ransomware,” said Stu Sjouwerman, CEO of KnowBe4. “It’s a simple concept – if users can learn not to click the link or open the attachment they won’t infect their workstation with ransomware! An important layer in any company’s security stack is the last line of defense – the human firewall that can be trained to detect a phishing email. Once organizations recognize this, their security posture improves dramatically.”

Of those impacted by ransomware, KnowBe4 found that on average six endpoints and two servers were affected in a given attack, meaning that the general assumption that ransomware takes over only one machine is inaccurate. The larger impact caused an average of 12 hours of user downtime and 12 hours of IT investment to remediate the problem. Ninety four percent of businesses surveyed did not pay the ransom to decrypt their data. Those that did paid at a cost of between three to five bitcoins (respectively $3,780 to $6,300 at today’s exchange rate).

“As ransomware continues to explosively grow every business is at risk,” added Sjouwerman. “Our research findings are fascinating as they illustrate that most companies are in an arms race to deploy endpoint solutions such as antivirus protection, but their focus on this investment is leaving massive gaps that can be manipulated. The bottom line: even with antivirus, ransomware is going to get in.”

KnowBe4’s research found that having some level of security awareness training in place improved an organization’s ability to fend off ransomware. The organizations that combined online training with frequent phishing attack testing saw the lowest percentage (21 percent) of successful ransomware attacks in the last 12 months:

Solution Don't Do Somewhat Mostly Completely
Implemented Implemented Implemented
Security software that filters out ransomware 29% 42% 36% 29%
Quarterly/Annual "Break Room"-style training 40% 39% 26% 22%
Monthly security videos / emails 44% 32% 26% 23%
Phishing testing of high-risk employees 44% 43% 21% 24%
Online Training for all employees with frequent phishing attack testing 43% 39% 30% 21%

Percent of organizations experiencing a ransomware attack (by solution implemented)


Ultimately, as shown by the survey, antivirus solutions will help keep some measure of ransomware out, but will do little to truly stop the spread of ransomware. Continual training and testing of employees will help an organization create its strongest security posture. The full report by KnowBe4 with its findings is available to download here.

About KnowBe4

KnowBe4, the provider of the world’s most popular integrated new school security awareness training and simulated phishing platform, is used by more than 8,500 organizations worldwide. Founded by data and IT security expert Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO Fraud and other social engineering tactics through a new school approach to security awareness training. Kevin Mitnick, internationally recognized computer security expert and KnowBe4’s Chief Hacking Officer, helped design KnowBe4’s trainings based on his well-documented social engineering tactics. Thousands of organizations trust KnowBe4 to mobilize their end-users as the last line of corporate IT defense.

Number 139 on the 2016 Inc 500 list, #50 on 2016 Deloitte’s Technology Fast 500, KnowBe4 is based in Tampa Bay, Florida. For more information, visit


Mockingbird Communications for KnowBe4
Jennifer Jewett, +1 617-913-2404

Release Summary

KnowBe4 study shows antivirus ineffective in preventing ransomware, 33 percent experienced attacks, averaging 12 hours of downtime.


Mockingbird Communications for KnowBe4
Jennifer Jewett, +1 617-913-2404