While the amount of money ransomware attacks generate for cybercriminals has been relatively slight, it turns out the economic impact ransomware has on small to medium business (SMBs) is truly substantial.
A new global survey of 1,054 organizations conducted by Osterman Research on behalf of Malwarebytes, a provider of malware removal software, finds among half of the organizations that were infected with ransomware, the ransom demanded was $1,000 or less. Only 11 percent of ransom demands exceeded $10,000 and only three percent were for more than $50,000.
But the survey also notes that that roughly one in six organizations impacted by a ransomware attack experienced 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Only nine percent of those surveyed reported that downtime caused only up to one hour of downtime.
In total, the survey finds that more than one-third of businesses have experienced a ransomware attack in the last year; with 22 percent being forced to cease operations immediately for some amount of time. But only 15 percent said they lost actual revenue because of a ransomware attack.
The good news is that awareness of ransomware as a threat is high among SMBs. A full 75 percent of organizations surveyed place a high or very high priority on addressing the ransomware problem. But nearly half of the organizations surveyed expressed little to only moderate confidence in their ability to stop a ransomware attack. To make matters worse, among those impacted by a ransomware attack 27 percent said they could not identify how the endpoints became infected. More than one-third of ransomware infections also spread to other devices, and two percent said ransomware infection impacted every device on the network.
The truth of the matter is there is no silver-bullet technology defense against ransomware. Over one-third of SMBs claim to have been running anti-ransomware technologies, with one-third of those businesses still experiencing a ransomware attack. The only real defense is to educate users about the perils of attachments and downloads. Over a third (37%) of attacks on SMBs in the U.S. were reported as coming from a malicious email attachment and 27 percent were from a malicious link in an email. In Europe, only 22 percent of attacks were reported as coming from a malicious email attachment and a malicious link in an email, respectively.
The only real defense against ransomware is end user training and sound data management and protection policies that make certain any file that is encrypted by a ransomware attack can be recovered. In the absence of those policies, however, it should be noted that most SMBs refused to be blackmailed. The survey finds that 72 percent of respondents believe that ransomware demands should never be paid. Most of the remaining organizations said ransomware demands should only be met if the encrypted data is of value to the organization. Among organizations that chose not to pay cybercriminals’ ransom demands, about one-third opted to lose files than pay ransom.
By and larger ransomware attacks amount to the digital equivalent of a nuisance crime. The challenge SMBs face to make sure those crimes never get a chance to escalate beyond that level.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot.Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.