Ransomware targets US SMBs due to weaker protection and greater willingness to pay up

By Razvan Muresan on Jun 15, 2017 | 

Attackers are now targeting small and medium businesses to extort higher fees, a Bitdefender survey shows, meeting the company’s predictions for 2017.

One in five small and medium businesses (SMBs) in the US reported a ransomware attack within the past 12 months, according to a Bitdefender survey of 250 IT pros in the US working in SMBs, carried out by Spiceworks.

Some 38% indicated they paid ransom - $2,423 on average - but most did not recover the encrypted data. Ransomware, a type of malware that locks and usually encrypts a computer’s files until the victim pays to regain access, is the fastest growing malware threat, targeting users of all types—from the home user to the corporate network.

On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016, a 300-percent increase over the approximately 1,000 attacks per day seen in 2015, according to the U.S. Department of Justice. SMBs are ideal targets for ransomware developers as some do not invest in security solutions, yet they handle sensitive business information (i.e. customer data, financial records, product info), targets that cyber-criminals value most.

Bitdefender’s survey shows that less than half (45%) of the SMBs that paid to regain access to their data after falling victim to ransomware actually got their information back. From those targeted, most were able to mitigate the attack by restoring from backup (65%) or through security software/practices (52%). A quarter of those targeted couldn’t find a solution to address the ransomware attack and lost their data.
​

Read More