Ransomware a Death Sentence for More than 1 in 5 SMB Victims

Ransomware is taking a heavy toll on small and medium businesses.

An Osterman survey commissioned by Malwarebytes asked more than 1,000 companies, each with fewer than 1,000 employees, about their experiences with ransomware. The results paint a dismal picture.

Malwarebytes’ Marin Kleczynski

One-third of businesses suffered a ransomware attack in the previous year. For nearly one-quarter (22 percent) of those victims, it was a death sentence that forced them to shut down operations immediately.

Malwarebytes CEO Marin Kleczynski says small businesses face much higher consequences for ransomare compared to that of a large enterprise.

“Osterman’s findings demonstrate that SMBs are suffering in the wake of attacks, to the point where they must cease business operations. To make matters worse, most of them lack the confidence in their ability to stop an attack, despite significant investments in defensive technologies,” Kleczynski said. “To be effective, the security community must thoroughly understand the battles that these companies are facing, so we can better protect them.”

The study made a perhaps unexpected point — it’s the ransomware downtime, and not necessarily its demands, that cripple SMBs. The downtime lasted for more than 25 hours for one in six respondents. Certain companies endured more than 100 hours of idleness.

The study concluded that most businesses don’t know how to deal with ransomware. Approximately one-half of the respondents have little to moderate trust in their ability to prevent a ransomware attack. And for those that suffered an attack, more than one in four (27 percent) couldn’t figure out the endpoint in which the infection started.

“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it,” said Adam Kujawa, Malwarebytes’ director of malware intelligence. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”