If your data is held for ransom, paying up will get your company’s data back, right?
Not necessarily. That’s the result of a recent survey.
Ransomware is a form of cyber-attack in which criminals install malware (or trick victims into installing malware) on someone’s computer that prevents the victim from accessing his or her files until he or she pays a ransom to the criminal.
In 2016 losses to ransomware were somewhere around a billion dollars, and spread across all different industries. Even hospitals were targeted.
But one major change in ransomware has taken place in recent months: Criminals are no longer adhering to their prior “code of ethics,” and, in many cases, even when ransoms are paid, attackers do not return access to files to their rightful owners.
According to a survey of 250 information technology professionals working in small and medium-sized businesses (SMBs) conducted by Bitdefender and Spiceworks, 1 in 5 SMBs was infected with ransomware within the past year; of those, 38 percent paid the ransom (an average of $2,423). But, of those who paid the ransom, only 45 percent got their data back.
Email, cited by 77 percent of SMBs, is the most popular vector of attack.
Cybercriminals use email to compel victims to open or download attachments, or click malicious links, reported 56 percent and 54 percent of SMBs, respectively.
Nearly one-third (31 percent) of attacks occurred via social engineering.
The survey found most SMBs hit with ransomware attacks were able to mitigate the attack by restoring data from backup (65 percent ), or through security software or practices (52 percent). One-quarter of those targeted could not find a solution to address the problem and lost their data as a result.