New research reveals that more than one-third of businesses have experienced a ransomware attack in the last year. Twenty-two per cent of these ransomware attacks had an impact on businesses they had to cease operations immediately.
“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO of Malwarebytes, the commissioners of research via their Second Annual State of Ransomware Report.
“However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise. The findings demonstrate that SMEs are suffering in the wake of attacks to the point where they must shut down operations. To make matters worse, most of them lack the confidence in their ability to stop an attack, despite significant investments in defensive technologies. To be effective, the security community must thoroughly understand the battles that these companies are facing, so we can better protect them.”
The key take-outs from the report are:
Financial demands are usually low
Australian businesses that fall victim to ransomware attacks suffer more financial pain from disruption to operations than they do from the payments demanded by the attackers. Of the 175 Australian SMEs surveyed, 81 per cent of those who had experienced a ransomware attack faced demands of about $1000 or less. Just four per cent faced demands for more than $10,000 and none had demands for payments of more than $50,000.
Disruption is a large problem
Some 22 per cent of Australian businesses that had suffered a ransomware attack had to cease operations immediately and 18 per cent reported they had lost revenue as a result. Of the affected firms, 71 per cent said the infection caused nine or more hours of downtime, with 20 per cent admitting their systems had been down for up to 100 hours.
To pay or not to pay
Among Australian respondents to the survey who had experienced an attack, more than half (55 per cent) confirmed they did not make any payment. Of those opting to pay, 40 per cent said they lost data files as a result of the decision.
The source of the problem
When it comes to identifying where a ransomware attack originated, more than a third (31 per cent) of Australian businesses surveyed admitted they did not know. Of those that could identify the source, 22 per cent said it had been a malicious link in an email while a further 18 per cent pointed to an infected email attachment.
The spread of infection: Once an infection had occurred, many respondents found the attack quickly spread to other points on their networks. The survey found more than half (55 per cent) had up to a quarter of their endpoints infected while a further 15 per cent had between 26 per cent and 50 per cent infected. In four per cent of cases infection levels reached as high as 99 per cent.
“These results confirm the key problem with ransomware is not the ransom demand itself but the wider impact that an attack has on a targeted business,” said Jim Cook, ANZ Regional Director, Malwarebytes. “The disabling of critical systems has a flow-on effect for everything from production and sales to customer service and support.
“They also demonstrate the reluctance of Australian businesses to yield to the demands of the criminals. Most clearly believe that they are better off to deal with any resulting fallout and get on with their daily activities.”
The results indicate that more needs to be done to combat the challenge. While more than one in three SMEs in Australia confirmed they are running anti-ransomware technologies, 31 per cent still experienced an attack.
“Ransomware is showing no sign of abating, and so Australian businesses must give more attention to what is a potentially disruptive and costly threat,” said Cook. “By educating staff about the threat, deploying appropriate tools, and undertaking regular backups, businesses can ensure they are best placed to withstand an attack when it occurs.”
Inside Small Business
