55% Of SMBs Would Pay Up Post-Ransomware Attack

By   ISBuzz Team
Writer , Information Security Buzz | Apr 29, 2019 01:45 am PST

It has been reported that 55% of small and medium businesses  (SMBs) would pay up if they were hit by a ransomware attack. The number jumps to 74% among larger SMBs with 150 to 250 employees, as stated in the AppRiver Cyberthreat Index for Business Survey. Nearly 40% went so far as to say they “definitely” would pay the ransom, at almost any price, to prevent leakage or loss of data. 

https://twitter.com/NRockMartin/status/1121734713654304768

Five Phases of Ransomware Attack: 

Expert Comments: 

Gavin Millard, VP Intelligence at Tenable:

“Paying criminals is never something I’d personally recommend – after all, you don’t know who you’re dealing with and whether they can be trusted. While research suggests that those that choose to pay do receive a decryption code, what is certain is that the criminal is rewarded for their efforts so encouraged to continue this scourge. 

“Instead, the money would be better invested preventing infection in the first place and, if that’s not possible, ensuring an infection doesn’t mean game over.   

“Rather than a sophisticated attack, or even a zero-day exploit, ransomware typically targets just a handful of well-known vulnerabilities so the best way to stay ahead of attacks is to practice basic security hygiene.  Continuously identifying and patching systems with vulnerabilities favoured by the exploit kits to deliver their payload, improving inbound content filtering and educating users to identify phishing emails, implementing anti-malware controls and backing up critical files should all be considered to make it far harder for the criminals to collect their bounty.   

“Should the worst case happen it’s about ensuring you can recover quickly. This means identifying the data and systems that are critical for your organisation to continue to function. If they can’t be protected, ensure you have a robust non-attached backup solution that’s stored security. Systems and data can then be restored effortlessly meaning the business can shrug off the inconvenience and get back up and running quickly.” 

 

Subscribe
Notify of
guest
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

0
Would love your thoughts, please comment.x
()
x