More than 50 percent of small and midsized businesses have fallen victim to ransomware, and of those, 48 percent paid a ransom, according to a survey released today by Ponemon Institute and Carbonite.
The average company had four ransomware attacks last year, paid an average ransom of $2,500 per incident, and spent 42 hours dealing with the attack.
"We're nowhere near the end of the ransomware threat," said Norman Guadagno, chief evangelist at Carbonite, which provides continuous automated cloud backup services.
Of those who did not pay up, 42 percent said that having a full and accurate backup was the reason.
And only 13 percent said their preparedness to prevent ransomware was "high."
"People say, 'I know I should back up, have anti-virus, use strong passwords' -- but they don't do it," said Guadagno.
Only 46 percent of respondents said that prevention of ransomware attacks was a high priority for their company.
One reason could be that they don't think the hackers will bother with them.
According to the report, 57 percent of respondents said that their companies were too small to be a target of ransomware.
"Every business is potentially a target," he said. "If you have a computer, you're a target."
And if companies believe that the ransomware will get into their backups, making them useless, that's not true either, said Guadagno.
"Once you find out you have a ransomware infection, our team rolls back to before the point where you had the infection," he said.
If the file containing the ransomware malware was also backed up, that file is encrypted and inert, he said, and can't spread while it is stored in the cloud.
And there are processes in place to catch it so that it doesn't get restored when the infected system is cleaned out.
"Our tech support teams get all the latest tools and ensure that you're downloading a clean backup," he said.
There hasn't been a case yet of a customer getting reinfected from a bad backup, he said.
"I'm not saying that it's not a constant battle between us and them," he added. "But we feel very confident -- we've helped more than 10,000 over the past two years get their data back safely."
However, losing access to their data wasn't the only potential consequence of a ransomware attack, and that is where backups fall short.
According to the survey, 55 percent of companies said they thought it was either likely or certain that the ransomware also exfiltrated data from the infected device.
"That was a stunning statistic," he said.
Businesses should not only have anti-virus in place to keep ransomware from getting in, but also train their employees to spot potential attacks.
According to the survey, only 29 percent of respondents said they were confident that their employees could detect risky links or sites.
It just goes to show that you can't even trust cybercriminals these days.
"The criminals might be saying, 'Yup, we encrypted it, pay us, you'll get it back, and everyone is happy'," Guadagno said. "But they could also be poking through the data, looking for valuable information, and exfiltrating it. It could be that the criminals are not telling us the truth."