According to a study conducted by Statista in September 2016, 58% of Small and Midsize Businesses (SMBs) in the United States are vulnerable to a ransomware attack. A Statista survey further showed that as of 2016, only 44% of businesses had implemented complete anti-ransomware solutions and only 15% to 20% provided appropriate training to their employees. It is no wonder that only 9% of SMBs expressed confidence in their employees’ ability to detect risky links or sites that could result in a ransomware infection.
Don’t Let Your Business Be Taken Hostage
You can take steps to minimize the risk and mitigate the impact on your business if you’ve fallen victim to a ransomware attack. At the basic level, ransomware prevention and protection require:
- Backing up your data daily to a cloud or to an offline storage that is not directly connected to desktop systems.
- Educating your employees on phishing and social engineering techniques used to spread a ransomware virus.
- Patching to minimize vulnerability exploitation.
You should seek expert advice on getting tailored anti-ransomware solutions. Contact WhiteHawk Advisory Services for more information.
What is Ransomware?
Ransomware is a malicious software that locks users out of their computer systems and requires a ransom payment in order to unlock the system. Crypto-ransomware is a popular form of ransomware that converts the victim’s data into text that is unreadable by a human or computer without the proper decryption key. The cybercriminals threaten to delete the decryption key in their possession unless the victim pays a ransom. Bitcoin is the preferred mode of payment but new payment forms such as Amazon gift cards are emerging.
Ransomware infects business-critical files including database files, website files, Computer Aided Design (CAD) files, tax files and virtual desktop files located on computers, shared and removable drives, servers, and mobile devices. According to Statista, as of September 2016, database files were the most targeted types of files (96%). Ransom notes are increasingly intimidating and force most victims to pay. They use countdowns, progress bars, threats to increase ransom amount or delete files as time elapses, and threats to expose sensitive information to the public.
According to Statista, 47% of amounts requested in 2017 during a ransomware attack ranged between $501 and $2,000. Only 1% of these amounts was above $20,000. However, the financial impact on SMBs goes beyond the ransom. A Statista survey showed that as of September 2016, 33% of US SMBs that were victims of ransomware attacks had to invest in new security technologies, 32% lost money from downtime, 32% lost customers, 24% saw their reputation diminished, 23% lost customer data, 22% had to replace their infrastructure, and 15% had to postpone plans to expand their business.
Other Important Statistics from Statista
- 2016 saw a 752% increase in the number of ransomware categories discovered, growing from 29 to 247.
- The number of global ransomware attacks grew from 3.2 million in 2014 to 638 million in 2016.
- As of March 2017, the two most common types of crypto-ransomware were Locky (9.13%) and CryptXXX (7.04%).
- In 2016, the most common methods of ransomware infections for SMBs in the US are: phishing and social engineering (including spam emails) at 43%, and compromised websites at 30%.
- As of 2017, the overwhelming majority of infections happened on Microsoft Windows operating systems.