The threat of ransomware is becoming widespread among corporations, with almost half of U.S. businesses suffering an attack from the nasty form of malware recently, according to a new survey.

Security firm Malwarebytes sponsored the study, which found in June that 41 percent of U.S. businesses had at least encountered between one to five ransomware attacks in the previous 12 months.

Another 6 percent saw six or more attacks.

The study surveyed corporations in the U.S., Canada, U.K. and Germany to gauge how ransomware affected their operations.

The malware, which can infect a computer and take the data hostage, can be bad for business. Thirty-four percent of the victim corporations in the countries surveyed reported losing revenue because the ransomware had prevented access to important files.

U.S. businesses victimized by the malware generally didn’t suffer a heavy toll and only 6 percent of them reported losing revenue. In most cases, the malicious code only affected personal files.

The survey also looked at how the ransomware was affecting these enterprises, and found that generally the malware had been designed to affect desktop PCs or laptops. The infection often came through links and attachments inside emails, or from a website or web application.

The response of companies to the threat varied across countries. In the U.S, only 3 percent of the businesses hit by the ransomware decided to pay the hackers.

That’s a big difference from the Canadian businesses surveyed, of which 75 percent said they agreed to pay the ransom.

The survey said this was probably because the ransomware attacks in the U.S. often target lower-level employees and tend to only infect a few computers.

Osterman Research

More amateur cybercriminals are probably indiscriminately spreading ransomware in the U.S. like spam, the survey added. Low-level ransom demands of up to $500 are prevalent in the U.S. However, high ransom demands of more than $10,000 are more common in Germany.

Malwarebytes sponsored Osterman Research to conduct the study by surveying 540 CIOs, CISOs and IT directors across the four countries.