Small and medium businesses across Europe are being actively targeted by ransomware attacks, new research has shown.
According to data protection firm Datto, 87% of European IT service providers it surveyed said their SMB customers had been hit by a ransomware attack at some point during the previous 12 months. Additionally, 40% of respondents reported multiple attacks during that time. Just over a quarter of respondents (27%) reported experiencing multiple attacks in a single day.
In terms of the impact these attacks are having, the survey revealed the average ransom demanded was between £500 and £2000. In 15% of reported cases the demand was in excess of £2000. Nearly half (47%) said paying the ransom was ineffective, as they still lost some of the data that had been encrypted by the attackers.
As well as financial penalties, ransomware attacks can also impact the business in other ways. A majority of respondents (62%) said they’d experienced downtime during the attack. For smaller organizations, the combination of financial loss and downtime can threaten the continued operation of the business, Datto said.
Frustratingly, just 40% of ransomware victims end up reporting the crime to the authorities. The FBI has previously said that reporting ransomware attacks will help it get a better understanding of exactly how many attacks are occurring as well as help the industry develop its defenses; traditional antivirus has so far proved to be ineffectual against most ransomware.
“Ransomware is more than just a nuisance; it’s a major money-making operation backed by professional and well-funded organizations,” said Andrew Stuart, managing director, EMEA at Datto.
“It’s fast becoming a massive problem for European SMBs. Our research shows they are experiencing business-threatening downtime as a result of being attacked. More often than not, these firms have deployed antivirus software and other security measures in order to protect against ransomware, however, hackers are finding it way too easy to circumnavigate these defenses,” he said.
Ransomware is rapidly becoming cyber-criminals’ weapon of choice. A similar survey found that 50% of organizations had been targeted by ransomware attacks, while Check Point recently warned that ransomware attacks doubled during the second half of 2016. In the UK 30% of NHS Trusts have been hit, including one that suffered 19 ransomware attacks in a 12-month period.
Earlier this week experts at the UK National Cyber Security Centre (NCSC) warned that personal devices such as smartphones and fitness trackers could be used by criminals to hold people to ransom over personal data.
“In 2017 it is likely that ransomware will target connected devices containing personal data such as photos, emails, and even fitness progress information. This data may not be inherently valuable, and might not be sold on criminal forums but the device and data will be sufficiently valuable to the victim that they will be willing to pay for it,” NCSC’s report said.