Small and medium-sized businesses have become top targets for ransomware attacks as a result of poor security, a willingness to quickly give in to ransom demands and the ransomware-as-a-service business model, according to a Bitdefender survey.
Over 4,000 ransomware attacks have been detected per day since January 1, 2016 on Windows, Android, Linux and Mac OS, a 300 percent growth from 2015, the US Department of Justice announced. In spite of poor network security, SMBs still store sensitive business data such as customer and product information and financial records, making them a gold mine for hackers.
Businesses make a strong case for high extortion fees, but the ransom paid by South Korean web hosting provider Nayana is the highest ever made public.
Nayana has just experienced the largest known extortion case in ransomware history by paying a final fee of $1 million in bitcoin. The initial requested amount was the equivalent of $4.4 million but, after negotiating for 8 days, the amount was reduced and paid in three installments.
The attack affected 153 Linux servers and led to massive customer data loss. Approximately 3,400 clients were affected. Nayana is in the process of regaining access to the database, a transfer that may take four to seven days.
“Building on the massive financial milestones in 2016, ransomware operations will likely dedicate more resources to improving automated targeting in 2017,” forecast Bitdefender security specialists.
The most popular ransomware protection tools among SMBs in the US are anti-malware and endpoint security (80%), network firewalls (72%), email security solutions (71%) and client firewalls (71%).
In the last 12 months, one in five US-based SMBs has dealt with a ransomware attack, Bitdefender found, while 38 percent confirm paying a ransom worth roughly $2,423. Even with the ransom paid, most victims don’t get the decryption key, so they lose access to the stolen data and risk a second attack.
To safeguard their infrastructure and block ransomware attacks, businesses are advised to deploy an endpoint security solution, regularly patch and update all web servers and software, use a backup solution, limit user access to mapped network drives, enable content filtering for email servers, and train staff to detect cyber risks and social engineering schemes such as spear-phishing emails.