Results from the latest survey done by a data protection provider, have resulted in an eye opening number of 5.7 millions dollars that have been paid out in the last 12 months to ransomware, here in Canada.

The study surveyed over 200 providers of small and medium-sized businesses over a 12 month period which ended in Q2 2017.  If we consider that this is a representation of all small and mid-sized businesses, than that means roughly 4% were hit with ransomware during this time period.  Out of that percentage, it was also noted that 32% admitted to paying the ransom.

Now keep in mind, just because you pay the ransom, doesn’t always mean you will recover your data.  Out of the businesses that admitted to paying the ransom, only 13% actually received their data back.  Their hope was of course, to pay the ransom and get the key to decrypt their locked data… but in the end they ended up losing all their data, as well as their money.

Of the 200 providers surveyed, six or more of their clients faced attacks in the first half of 2017 alone, and roughly 31% of Canadian service providers noted that their customers faced multiple attacks in a single day!

Based on such a high number of attacks, it is safe to say that there may be 1 if not 2 things that the providers are doing wrong:  They may not be patching software enough and not educating their staff about being careful of clicking on attachments in their email.

Thankfully the ransom demands are not usually too large, but 43% of those surveyed had paid anywhere from $500 – $2,000 for their ransom.  There were only a few that paid closer to the $10,000 amount.  For the most part, paying wasn’t the biggest part of the payout, as businesses had to deal with downtime and of course issues if they did not receive their data back once payed.

Additional Facts:

• After the attack, 13% of service providers noted that cleaning up was not easy.  Not only did the ransomware stay in their clients’ system but they struck again later on.
• 33% mentioned that their customers’ back-up was encrypted as well.

 

These numbers suggest that customers did not separate back-up from production environments, and/or they didn’t realize that the back-up also needed to be scanned for possible infections.

Because Ransomware can also hit Dropbox (the biggest in this category), Office 365, Google G-Suite and AWS, it isn’t always safest to move to the cloud.

There is a large variety of ransomware strains out there but for this study, it was found that CryptoLocker, CryptoWall and Locky were the most common.  It was also found that 28% of the providers customers had NOT reported the incident to police, which makes it even more difficult to get proper numbers on ransomware here and all over the world.

The best defense against ransomware is a back-up and recovery process that is regularly tested.  It is also imperative to educate and remind staff of the importance of security when receiving and sending emails.  Ransomware infections are primarily sent though emails via phishing scams, so they should be aware and able to recognize these signs.

 

Quick Tips

Make sure you are running the latest software.

---

Topic:  Canadians pay out $5.7 Million in Ransomware