Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

7/27/2017
08:00 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Downtime from Ransomware More Lethal to Small Businesses Than the Ransom

New survey of small-to midsized businesses (SMBs) shows half of SMBs infected with malware suffer 25 hours or more of business disruption.

Of more than half of all small-to midsized businesses (SMBs) infected with ransomware in the past year, attackers demanded ransom of $1,000 or less - a drop in the bucket in comparison to the downtime these attacks cause, a new report shows.

The survey of more than 1,000 SMBs in the US, UK, France, Germany, Australia, and Singapore, found that while 65% have not been hit with a ransomware attack in the past 12 months, nearly 30% have suffered one to five such incidents; 5%, six to 10  ransomware incidents; and 1%, 11- to 20-plus such incidents.

Ransomware indeed is becoming the darling of attackers, with 70% of malware distributed in June of the ransomware type, according to Malwarebytes' data from a report earlier this month. And with two major ransomware attacks this year, WannaCry and Petya, spreading around the globe rapidly via worm-type exploits, SMBs appear to consider malware a clear and present danger.

Around seven in 10 SMBs are either "concerned" or "extremely concerned" about ransomware, the Malwarebytes SMB report shows.

"Ransomware wasn't necessarily the most expensive aspect of a ransomware attack: downtime, revenue loss, and fallout were more expensive and far more damaging, especially when you're talking about small businesses," says Adam Kujawa, head of malware intelligence at Malwarebytes. He says it's easier for larger organizations to recover from a ransomware attack because they have more resources to do so than an SMB does.

In some 22% of organizations, ransomware attacks halted business immediately, while 37% say their users, customers, and vendors were affected by the attack, and 15% say they lost revenue due to the attack.

Downtime-wise, 27% were down for one- to eight hours; 23%, nine- to 16 hours; 24%, 17- 24 hours; and 15%, 25- to 100 hours.

Nearly 30% of SMBs don't know the origin of their ransomware infection. "Most do not know where the ransomware comes from. It just shows up one day on their endpoints, and then they say 'oh crap, what do I do.'"

Higher ransom rates were less common for SMBs. More than 10% were above $10,000, and around 3% were higher than $50,000.

Most SMBs don't believe ransomware victims should pay up, and just 28% say they paid the ransom. Even so, 32% of those that didn't pay ransomware attackers ended up losing their files for good.

The debate over whether or not to pay ransomware attackers has caused confusion and angst among the business world. While most security experts say victims should not to comply with the data kidnappers' monetary demands, others say there are times that it's best to pay up.

"You can avoid it if you have backups or some method of getting your files back," Kujawa says. "If the data's not important to you, you do not need to pay. There's a 50% chance you're going to get it back, anyway."

But if the loss of the locked-down files is costly, paying up may be the best bet. "If there's a legitimate or steep fine for not having those files, paying ransom may be an option," he says.

That doesn't necessarily mean paying the full amount the attackers demand. "Try the best way to communicate them and try to negotiate the price … for a few files, for example," he says. "They're still happy to get some money."

Related Content:

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
7/31/2017 | 5:29:01 PM
Re: No Kidding??
It really does sound like a no-brainer but I do know enough folks with small business IT who are really clueless about the core essentials.  The concept of shadow servers, real-time database backups, and business continuity in general isn't very accessible to small business owners who are trying to do their own IT.  Having features like this built into most OS and throwing prompts up by default when users like this are logging in to encourage setup of such features really helps.  Education is one thing, but the tools should also push and prompt the users to do the right thing.
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
7/27/2017 | 8:09:14 AM
No Kidding??
ANY downtime is hurtful to a small business.  Most of my clients up north were single server offices so if that went south, the business ceased to exist and the financial backing could survive about a week or two.  I was proud to limit downtime loss to 3 hours for one instance of Cryptolocker.  WHY?  I had a good schema and TESTED it from time to time.

Hey - single business consultants --- backup and test, what sounds strange about that?
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.