More than a third of SMEs have experienced a ransomware attack over the past year. It shows a new report from Malwarebytes security company. The report, based on responses from 1054 companies from North America, Europe, Australia and Asia, also highlights the enormous impact that such an attack might have – 22 percent of the affected companies were forced to completely shut down their business to minimize the harmful effects. For about one in six affected organizations, a ransomware attack caused downtime for 25 or more hours. Several organizations state that their systems lay down for over a hundred hours after an attack. 15 percent of organizations in the survey state that they lost significant revenues as a result of ransomware.
Most organizations in Malwarebyte’s report see ransomware as a high priority to handle, but at the same time they are in doubt about their ability to handle it. 75 percent of the organizations surveyed have high or very high priority in solving the problem with ransomware. Despite this, almost half said that they did not have the ability to remove ransomware attack. This can be seen as particularly worrying given that over a third of organizations state that they have invested in active security (with tactics and technology) against ransomware, but despite having difficulty managing an attack.
Most concerned about the ransomware development are not surprising actors in the financial sector, while transport companies feel the least worry about being affected. For many companies, the source of infection is unknown and ransomware is spread, as we often know very quickly. 27 percent of organizations affected by ransomware also could not identify how the malicious code came into the network. More than a third of ransomware infections are spread to other devices and for two percent of the investigated organizations, the ransomware infection has affected all devices in the network.
Email the most vulnerable channel
The report also shows that SMEs in the United States suffer from harder malware than companies in Europe. The most common source of ransomware infections in US organizations was related to the use of email – 37 percent of the attacks on SMEs in the United States stemmed from a malicious email attachment and 27 percent from a malicious email link. However, in Europe, only 22 percent of the attacks were reported through a malicious email attachment, and as many were reported to come from a malicious link.
Paying or not paying is clearly one of the most controversial discussions about the harmful effects of ransomware. According to Malwarebyte’s report, 72 percent of small and medium-sized companies believe that they should never pay the sum of money to the attackers. However, the majority of those who are open to pay mean that this should only be done if the encrypted files are of great value to the organization. Furthermore, one third of the organizations affected by ransomware stated that they chose not to pay the solvency that they lost files as a result of this.