Downtime from Ransomware More Lethal to Small Businesses Than the Ransom

  /     /     /  
Publicated : 22/11/2024   Category : security


Downtime from Ransomware More Lethal to Small Businesses Than the Ransom


New survey of small-to midsized businesses (SMBs) shows half of SMBs infected with malware suffer 25 hours or more of business disruption.



Of more than half of all small-to midsized businesses (SMBs) infected with ransomware in the past year, attackers demanded ransom of $1,000 or less - a drop in the bucket in comparison to the downtime these attacks cause, a new report shows.
The survey of more than 1,000 SMBs in the US, UK, France, Germany, Australia, and Singapore, found that while 65% have not been hit with a ransomware attack in the past 12 months, nearly 30% have suffered one to five such incidents; 5%, six to 10  ransomware incidents; and 1%, 11- to 20-plus such incidents.
Ransomware indeed is becoming the darling of attackers, with 70% of malware distributed in June of the ransomware type, according to Malwarebytes data from
a report earlier this month
. And with two major ransomware attacks this year, WannaCry and Petya, spreading around the globe rapidly via worm-type exploits, SMBs appear to consider malware a clear and present danger.
Around seven in 10 SMBs are either concerned or extremely concerned about ransomware, the Malwarebytes SMB report shows.
Ransomware wasnt necessarily the most expensive aspect of a ransomware attack: downtime, revenue loss, and fallout were more expensive and far more damaging, especially when youre talking about small businesses, says Adam Kujawa, head of malware intelligence at Malwarebytes. He says its easier for larger organizations to recover from a ransomware attack because they have more resources to do so than an SMB does.
In some 22% of organizations, ransomware attacks halted business immediately, while 37% say their users, customers, and vendors were affected by the attack, and 15% say they lost revenue due to the attack.
Downtime-wise, 27% were down for one- to eight hours; 23%, nine- to 16 hours; 24%, 17- 24 hours; and 15%, 25- to 100 hours.
Nearly 30% of SMBs dont know the origin of their ransomware infection. Most do not know where the ransomware comes from. It just shows up one day on their endpoints, and then they say oh crap, what do I do.
Higher ransom rates were less common for SMBs. More than 10% were above $10,000, and around 3% were higher than $50,000.
Most SMBs dont believe ransomware victims should pay up, and just 28% say they paid the ransom. Even so, 32% of those that didnt pay ransomware attackers ended up losing their files for good.
The debate over whether or not to pay ransomware attackers has caused confusion and angst among the business world. While most security experts say victims should not to comply with the data kidnappers monetary demands, others say there are times that its best to pay up.
You can avoid it if you have backups or some method of getting your files back, Kujawa says. If the datas not important to you, you do not need to pay. Theres a 50% chance youre going to get it back, anyway.
But if the loss of the locked-down files is costly, paying up may be the best bet. If theres a legitimate or steep fine for not having those files, paying ransom may be an option, he says.
That doesnt necessarily mean paying the full amount the attackers demand. Try the best way to communicate them and try to negotiate the price … for a few files, for example, he says. Theyre still happy to get some money.
Related Content:
20 Questions for Improving SMB Security
BEC Attacks Far More Lucrative than Ransomware over Past 3 Years
Black Hat Survey: Security Pros Expect Major Breaches in Next Two Years
Half of Ransomware Victims Suffer Repeat Attacks
NotPetya: How to Prep and Respond if Youre Hit

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Downtime from Ransomware More Lethal to Small Businesses Than the Ransom