Businesses paid hundreds of millions of dollars to hackers last year, a new report shows.
A study released by data security solutions firm Datto, found that small-to-mid-sized businesses paid $301 million in ransomware – or malicious software that blocks access to a system until a ransom is paid – to hackers last year alone. The company said 5% of all small-to-mid sized businesses across the globe fell victim to a ransomware attack in 2016.
“The amount that [ransomware thieves] are collecting … It’s actually becoming its own industry in that sense,” Datto CEO Austin McChord told FOX Business. “These people are systematically extracting cash and ultimately implementing attacks on America’s small businesses.”
And these types of attacks are only increasing, the data protection firm found. Ransomware incidents have been more frequent in 2017 among small-to-mid-sized businesses. Ninety-seven percent of the managed service providers who work with these businesses reported that 86% of their clients had been victimized within the last two years and 15% said six or more hacks affected their clients over the past year alone.
“I think we continue to be shocked by just the prevalence of ransomware,” McChord said.
One notable ransomware attack occurred in May of this year, when a group of hackers used tools believed to be stolen from the National Security Agency to lock computers across more than 150 countries. As the software, called WannaCry, spread, it locked computers in hospitals, government buildings, central banks and big corporations, like Nissan and FedEx (NYSE:FDX), across the globe.
However, McChord notes that for small and mid-sized businesses, which are expected to have the same level of security as America’s largest corporations, ransomware is an everyday threat.
“There are dozens of different variants of this stuff … this is an everyday thing,” he said. “It doesn’t get reported as much as it should because frankly some of these business owners are embarrassed.”
While prevention may be a tall task, the key to minimizing damage from ransomware attacks is detection and having the ability to combat the threat.
“No single defense solution is guaranteed to prevent a ransomware attack,” said Dale Shulmistra, president, Invenio IT. “The most effective means for business protection from ransomware is a backup and disaster recovery (BDR) solution, followed by cybersecurity training."
While Datto found every industry is vulnerable to ransomware attacks, health care, construction, manufacturing and finance tend to be hit more than others. Datto also said what hurts businesses most is the downtime associated with a ransomware attack.