71% of ransomware attacks are on SMBs, according to a new report from Beazley Breach Response (BBR) Services
When an attack involves widespread encryption across an organization’s network, ransom demands can be very high. The highest ransom demand received by a client was $8.5 million. That ransom wasn’t paid, but some companies have no alternative other than to pay the ransom demand. One client paid $935,000 for the keys to unlock encrypted files. In 2018, the average ransom demand was $116,324 and the median ransom demand was $10,310.
Beazley explained that the reason SMBs are attacked more often is because they typically do not invest as heavily in cybersecurity as larger companies and are therefore easier to attack.
Two of the most common cybersecurity failures that are exploited to gain access to SMB networks and install ransomware are the failure to change default RDP ports and the use of weak passwords, which leaves SMBs susceptible to brute force attacks. A high percentage of ransomware attacks in 2018 were on companies that had failed to lock down Remote Desktop Protocol.
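The brute-force path described above leaves a distinctive trace on the target: a burst of failed logons from one source address, often followed by a success once a weak password is guessed. The following is an added example, not code from the Beazley report or any product it covers, showing how a defender can spot that pattern in Windows Security log data. It relies on real Windows event semantics (4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive, i.e. RDP), but the flat `key=value` line layout, the sample addresses and usernames, and the threshold and window values are constructed assumptions for the example.

```python
"""Flag source IPs that produce bursts of failed RDP logons and any RDP success
that follows from the same IP. Added example; log lines below are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines. The flat "key=value" layout is an assumption of this
# example; a real pipeline would read the event XML or a SIEM's parsed fields.
SAMPLE_EVENTS = [
    "2018-06-01T02:14:01 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.45",
    "2018-06-01T02:14:03 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.45",
    "2018-06-01T02:14:06 EventID=4625 LogonType=10 TargetUser=backup SourceIP=203.0.113.45",
    "2018-06-01T02:14:09 EventID=4625 LogonType=10 TargetUser=scanner SourceIP=203.0.113.45",
    "2018-06-01T02:14:12 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.45",
    # A user mistyping a password twice, hours apart: normal, must not be flagged.
    "2018-06-01T02:15:30 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.7",
    "2018-06-01T03:40:00 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.7",
    # Console (logon type 2) failures at a kiosk: not RDP, so ignored by this rule.
    "2018-06-01T02:14:20 EventID=4625 LogonType=2 TargetUser=kiosk SourceIP=192.0.2.10",
    "2018-06-01T02:14:22 EventID=4625 LogonType=2 TargetUser=kiosk SourceIP=192.0.2.10",
    "2018-06-01T02:14:24 EventID=4625 LogonType=2 TargetUser=kiosk SourceIP=192.0.2.10",
    "2018-06-01T02:14:26 EventID=4625 LogonType=2 TargetUser=kiosk SourceIP=192.0.2.10",
    "2018-06-01T02:14:28 EventID=4625 LogonType=2 TargetUser=kiosk SourceIP=192.0.2.10",
    # Success from the bursting IP after its failures: the guess probably worked.
    "2018-06-01T02:16:00 EventID=4624 LogonType=10 TargetUser=administrator SourceIP=203.0.113.45",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<ltype>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)$"
)


def parse_event(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "event_id": int(m["eid"]),
        "logon_type": int(m["ltype"]),
        "user": m["user"],
        "ip": m["ip"],
    }


def analyse_rdp_logons(lines, threshold=5, window=timedelta(minutes=5)):
    """Return (bursts, suspicious_logons).

    bursts: {source_ip: peak number of failed RDP logons inside any `window`}
            for every IP whose peak reaches `threshold`.
    suspicious_logons: [(ip, user)] for RDP successes from a bursting IP that
            occur after that IP's first failure.
    """
    failures = defaultdict(list)
    successes = []
    for line in lines:
        ev = parse_event(line)
        if not ev or ev["logon_type"] != 10:  # only RemoteInteractive (RDP) logons
            continue
        if ev["event_id"] == 4625:
            failures[ev["ip"]].append(ev["ts"])
        elif ev["event_id"] == 4624:
            successes.append(ev)

    bursts = {}
    for ip, stamps in failures.items():
        stamps.sort()  # lines may arrive out of order; sort per source
        peak, start = 0, 0
        for end, ts in enumerate(stamps):  # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[ip] = peak

    suspicious_logons = [
        (ev["ip"], ev["user"])
        for ev in successes
        if ev["ip"] in bursts and ev["ts"] > min(failures[ev["ip"]])
    ]
    return bursts, suspicious_logons


if __name__ == "__main__":
    bursts, hits = analyse_rdp_logons(SAMPLE_EVENTS)
    print("burst sources:", bursts)
    print("successes after burst:", hits)
```

The two filters are the point of the example: restricting to logon type 10 keeps console and service-account noise out of the RDP rule, and correlating a later 4624 from a bursting address turns a volume alert into a high-priority one. Both conditions are far easier to act on when RDP is not reachable from the internet in the first place, which is the remediation the report's findings point to.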
Once access is gained, attackers attempt to gain access to as many networked devices as possible before deploying ransomware. The more extensive the encryption, the higher the ransom demand is likely to be.
While there are highly skilled hacking groups using ransomware to extort money from businesses, many attacks were performed by individuals with little skill using ransomware-as-a-service. With ransomware-as-a-service, it is not necessary for individuals to develop their own ransomware. They can just concentrate on attacking organizations.
Ransomware attacks are conducted on businesses from all industry sectors, but healthcare organizations account for the highest percentage of attacks. 34% of all attacks were on healthcare clients. The financial services and professional services sectors account for 12% of attacks apiece, with retail in third place with 8% of attacks. Hacks and malware incidents accounted for 47% of all breaches dealt with by BBR Services in 2018.
Beazley also notes that there was an increase in sextortion scams in 2018. These scams are conducted to blackmail victims but also to fool them into installing ransomware or other forms of malware.
There has also been a rise in business email compromise (BEC) attacks, which increased by 133% in 2018. 24% of all breaches dealt with by BBR Services were BEC attacks, up from 17% in 2017. The average claim for a BEC attack was $70,960 and the maximum was $2.5 million.