A new study has revealed that 91% of respondents reported having their clients victimized by ransomware in the past twelve months.
Surveying more than 1,000 IT service providers in the United States and internationally, representing hundreds of thousands of small businesses, the research by Datto also revealed that a shocking 40% of survey respondents reported more than half-a- dozen separate attacks during the same time frame. In the United States, these attacks cause $75 billion in damages to small and medium-sized businesses, with downtime from ransomware often costing businesses more than $8,500 per hour.
The survey was among the first of its kind to shed light on the largely unknown but rapidly growing form of cyber attack in which hackers commandeer a company’s data and hold it under password protection until a considerable ransom is paid, usually in bitcoin – a digital, anonymous currency. One reason for the lack of awareness regarding ransomware, the survey also found, was the relatively low rate, roughly one in four, of businesses reporting attacks to the authorities.
In a clear indication of ransomware’s growth as a major impediment to business, 31% of respondents replied that they experienced multiple attacks in a single day, a number experts expect will continue to grow. Ransomware attacks like these can cause crippling downtime for businesses and 63% of survey respondents mentioned that a ransomware attack led to business-threatening downtime.
“Ransomware is not about a couple of hacker kids sitting in the basement and messing around,” said Austin McChord, Datto’s CEO. “It’s a major enterprise orchestrated by large and well-funded companies, and it’s becoming a massive problem for businesses, regardless of industry or geographical location. Our survey found that a considerable number of businesses experienced business-threatening downtime as a result of being attacked, and that most attacks sailed right past the anti-viruses and other measures small businesses think will protect them from such cyber crime.”
According to the survey’s other findings, the average ransom demanded ranges between $500 and $2,000—often a considerable expenditure for a small business with limited resources—with more than ten percent of respondents, however, reporting a ransom larger than $5,000. And payment, sadly, does not guarantee the data’s return: as much as seven percent of respondents reported incidents in which payment did not result in the secure return of the hijacked data.
While ransomware affected all industries, the most vulnerable to attacks were the professional services industry, health care, and construction and manufacturing. The overwhelming majority of respondents were American, with additional responses collected by managed service providers in Canada, Australia, the United Kingdom and elsewhere.
“As those of us in the industry know, and as business owners are only now beginning to realize, ransomware is likely to continue, costing the American economy hundreds of millions of dollars and jeopardizing the ability of tens of thousands of companies to carry on,” said Jeremy Koellish, Chief Operating Officer, TekTegrity. “As this survey proves, the only businesses who were able to successfully overcome a ransomware attack close to 100% of the time were those with backup and recovery solutions in place, and we hope more businesses pay attention and take the necessary precautions.”