Around 22% of small & medium sized businesses hit by ransomware had to cease business operations immediately, report claims

Ransomware attacks caused 22 percent of small as well as medium-sized businesses in 7 countries, including Australia, to cease business operation immediately, a report from the security firm Malwarebytes claims.

It found that about one third of the businesses surveyed have experienced a ransomware attack in 2016. Concern over ransomware varied from a low of 57.7 percent in Australia to a high of 78.9 percent in France.

It has been seen that ransomware attacks mainly Windows computers as well as attacks have increased in frequency over the last 2 years, with major global attacks taking place in the month of May & June.

Malwarebyte’s “Second Annual State of Ransomware Report” covered 1054 companies with less than 1000 employees in France, North America, the UK, Australia, Germany, as well as Singapore & was conducted by Osterman Research.

“Businesses of all sizes are increasingly at risk for ransomware attacks. However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise,” Marcin Kleczynski, the company’s chief executive said.

He also said the research findings indicated that both small & medium sized businesses were suffering to the point where they had to shut their business.

“To make matters worse, most of them lack the confidence in their ability to stop an attack, despite significant investments in defensive technologies,” he said. “To be effective, the security community must thoroughly understand the battles that these companies are facing, so we can better protect them.”

Top Findings:

• Ransomware can completely devastate small and medium sized businesses. In about 1 in 6 affected companies, a ransomware infection caused a downtime of 25 or more hours, while some reported downtime of more than 100 hours. While 22 percent business had to cease operations immediately, another 15 percent lost money.
• Around 75 percent small as well as medium sized businesses lacked confidence that they could deal with ransomware attacks. However, they placed a high priority on tackling ransomware attacks.
• Many didn’t know from where the ransomware had come & therefore the infections spread swiftly. Nearly 27 percent were not able to identify how endpoints were infected as well as in one third of the cases the ransomware spread to other devices. In about 2 percent of cases, each and every device in the company was infected.
• Small & medium sized businesses in the US were hit harder by malicious emails that contained ransomware than their counterparts in Europe. It has been sen that email was the most common attack vector in the US – 37 percent came from a malicious attachment as well as 27 percent came from a malicious link in an email.
• In Europe, around 22 percent of infections had come from malicious email attachments as well as a similar percentage were attacked through malicious links in emails.
• Most small & medium sized businesses believed that paying ransoms is not a good idea, with nearly 72 percent saying that such demands should be ignored. Of the remainder, most said that the ransom should only be paid if the data that had been encrypted was irreplaceable.One third of those who did not pay ransom lost data as a result.
• Concern about ransomware attack was highest (54 percent) among the financial services sector, while least concerned were transportation business entities (26 percent).
• More than one third of small and medium sized businesses claimed to have been using an anti-ransomware software, but still about one third have experienced attacks.