More than one-third of businesses have experienced a ransomware attack in the last year, and more than one in five (22%) of these impacted businesses had to cease operations immediately, according to a study by Malwarebytes.
The Annual State of Ransomware Report found that the impact of ransomware on SMEs can be devastating. For roughly one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Further, among SMEs that experienced a ransomware attack, one in five (22%) reported that they had to cease business operations immediately, and 15% lost revenue.
“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO, Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise. Osterman’s findings demonstrate that SMEs are suffering in the wake of attacks, to the point where they must cease business operations. To make matters worse, most of them lack the confidence in their ability to stop an attack, despite significant investments in defensive technologies. To be effective, the security community must thoroughly understand the battles that these companies are facing, so we can better protect them.”
Most organizations make addressing ransomware a high priority, but still lack confidence in their ability to deal with it. 75% of organizations surveyed place a high or very high priority on addressing the ransomware problem. Despite these investments, nearly one-half of the organizations surveyed expressed little to only moderate confidence in their ability to stop a ransomware attack.
For many, the source of ransomware is unknown and infections spread quickly. For 27% of organizations that suffered a ransomware infection, decision makers could not identify how the endpoint(s) became infected. Further, more than one-third of ransomware infections spread to other devices. For 2% of organizations surveyed, the ransomware infection impacted every device on the network.
SMEs in the US are being hit harder than SMEs in Europe by malicious emails containing ransomware. The most common source of ransomware infections in US-based organizations was related to email use. 37% of attacks on SMEs in the US were reported as coming from a malicious email attachment and 27% were from a malicious link in an email. However, in Europe, only 22% of attacks were reported as coming from a malicious email attachment. An equal number were reported as coming from a malicious link in an email.
Most SMEs do not believe in paying ransomware demands. 72% of respondents believe that ransomware demands should never be paid. Most of the remaining organizations believe that demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cyber criminals’ ransom demands, about one-third lost files as a result.
Current investments in technology might not be enough. Over one-third of SMEs claim to have been running anti-ransomware technologies, while about one-third of businesses surveyed still experienced a ransomware attack.
With infected computers or networks becoming unusable until a ransom has been paid or the data has been recovered, it is easy to see why these types of attack can be a concern for business continuity professionals. The latest Horizon Scan Report published by the Business Continuity Institute revealed cyber attacks as the number one concern.
“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it,” said Adam Kujawa, Director of Malware Intelligence, Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”