Identified by the U.S. Department of Justice as 2017’s “biggest cyberthreat”, ransomware is making a name for itself across the board. While you may think cybercriminals are only after large organizations like hospitals or banks, the focus is increasingly shifting towards smaller organizations, which may be more vulnerable. An article on The Parallax explains why cybercriminals are targeting small businesses and how to prevent them from successfully carrying out a ransomware attack.
Ransomware is malicious software that targets and encrypts a computer until its owner pays the ransom.
Although larger organizations may hold a greater amount of PHI than smaller businesses, cybercriminals see great value in targeting the little guys. Because smaller organizations have fewer safeguards and information security resources, the chances of a cybercriminal carrying out a successful attack on their network, leading to a ransom payment, are far greater.
Experts believe that if a small business does not have proper data backups available and the ransom is low enough, the most cost-effective way to deal with a ransomware attack is often to pay the ransom.
“These attackers have also learned that the most profitable method is to hit many small businesses with low ransom demands—usually $300 to $2,000. Even small businesses can generally afford to pay those amounts.”
— Eric Hodge, director of consulting, IDT911 Consulting
According to Hodge, organizations with fewer than 200 employees have seen “triple to quadruple” the number of ransomware attacks they saw in 2015.
Another alarming statistic released by the U.S. National Cyber Security Alliance states that 60 percent of smaller businesses go out of business within six months of suffering a ransomware attack.
“Ransomware reportedly has cost U.S. small to midsize businesses alone more than $75 billion in damages and payments, according to a September 2016 survey by data protection vendor Datto.”
“Indeed, 31 percent of the Datto survey’s respondents said they had experienced multiple ransomware attacks within a single day, and a whopping 63 percent said these attacks led to downtime in their business operations, which could cost them as much as $8,500 per hour.”
Symantec also discovered in their 2016 Internet Security Threat Report that 43% of phishing emails sent in 2016 targeted small businesses.