Research: More SMBs Are Reporting Ransomware Attacks to Authorities But Less Are Paying the Ransom

Across the globe, an estimated 5% of small-to-mid-sized businesses (SMBs) fell victim to ransomware from 2016 to 2017, and according to 97% of managed service providers (MSPs), ransomware attacks increase in magnitude year over year.

New research conducted by Datto reveals that ransomware continues to be the #1 threat to businesses big and small on a global scale. In the global survey, 86% SMB clients were recently victimized by ransomware, and 21% of respondents reported six or more SMB attacks in the first half of 2017 alone. Almost all (99%) of MSPs are noticing that the frequency of SMB targeted attacks is increasing every year, gearing up for an even bigger spike over the next two years.

While more SMBs are now reporting attacks to the authorities, fewer are willing to cede to hackers’ demands and pay the ransom. 35% report SMBs paid the ransom, down from 41% in 2016. The total cost of ransom paid to ransomware hackers in 2017 is $301M. Of those victims that pay up, 15 percent still never recover the data. Furthermore, fewer than one in three ransomware attacks are reported by SMB victims to the authorities, an improvement from one in four incidents reported in 2016.

As a result of a ransomware attack, 75% of MSPs report clients experienced business-threatening downtime. Respondents said ransom requested is typically between $500 and $2,000, yet “the ransom isn’t what breaks the bank,” according to the report – it’s the downtime and data loss that cut the deepest.

Ransomware operators are also greedier nowadays. Nearly 30% of MSPs report that ransomware persisted on an SMB’s system after the first attack and struck again at a later time. In fact, one in three MSPs actually had their SMB’s backup encrypted, making recovery next to impossible.

Other findings include:

  • CryptoLocker is still the most common variant attacking SMBs, but new and aggressive strains pop up every single day
  • 85% of MSPs who’ve dealt with ransomware reported a CryptoLocker infection, followed by CryptoWall, Locky and WannaCry
  • Verticals most prone to getting hit by ransomware are Construction, Manufacturing and Professional Services
  • Software as a Service (SaaS) applications continue to be a growing target for ransomware attacks with Dropbox, Office 365 and G Suite most at risk
  • Mobile and tablet attacks are on the rise

Datto’s findings corroborate Bitdefender’s own results from a survey of 250 IT pros in the US working in SMBs, carried out by Spiceworks. One in five SMBs in the US reported a ransomware attack within the past 12 months. Some 38% indicated they paid ransom – $2,423 on average – but most did not recover the encrypted data.

Fewer than half (45%) of the SMBs that paid to regain access to their data after falling victim to ransomware actually got their information back. Of those targeted, most were able to mitigate the attack by restoring from backup (65%) or through security software/practices (52%). A quarter of those targeted couldn’t find a solution to address the ransomware attack and lost their data.

*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Filip Truta. Read the original post at: