50 percent of organizations based in the United States have been targeted by ransomware attacks over the past 12 months.

That's just one of the major findings of Understanding the Depth of the Ransomware Problem in the United States, a report commissioned by security firm Malwarebytes and conducted by Osterman Research.

In June 2016, Osterman Research conducted 540 surveys with organizations based in the United States, Canada, Germany, and the United Kingdom. Each participating organization's CIO, IT director, IT manager, CISO, or other executive who is familiar with security-related topics was responsible for completing the survey.

Those executives' responses paint a grim picture of the ransomware threat in the United States.

Overall, about half of respondents stated ransomware is a "concern" or "extreme concern" for their organization. They have every right to feel that way. More than 40 percent of participating organizations reported having suffered between one and five ransomware attacks in the past 12 months, while 1 percent said they saw over 20 individual attack campaigns.

For 78 percent of U.S. organizations that experienced a ransomware attack, people such as customers, vendors, and students were personally affected. In 12 percent of cases, all business shut down immediately.

Not all sectors saw the same number of attacks, however. Healthcare and financial services were most affected by ransomware.

This finding comes as no surprise to the authors of the study:

"These industries are among the most dependent on access to their business-critical information, which makes them prime targets for ransomware-producing cyber criminals. Cyber criminals, hoping that organizations will not having ransomware detection technologies in place or will not have recent backups of their data from which they can recover, are more likely to target organizations in these industries, particularly for highly targeted, spearphishing-like attacks."

Unfortunately, most U.S. organizations don't see a way to turn the tide on ransomware. Indeed, only four percent of respondents felt "very confident" in their ability to stop ransomware, which could reflect the fact that nearly 40 percent of organizations who experienced an infection decided to ultimately pay the ransom.

But there is hope. U.S. organizations are of the firm belief that training end users and implementing anti-ransomware technology are equally important in the fight against ransomware.

They couldn't be more correct.

As they look for solutions that match their IT environments, companies should encourage users to be on the lookout for suspicious links and email attachments. Security teams should also make sure all critical data is regularly backed up and that the company's endpoints are continuously monitored for suspicious activity.

For additional findings, please read Malwarebytes' survey in full here.