Last week, Malwarebytes released the Second Annual State of Ransomware Report, which was conducted on its behalf by Osterman Research. The study looked at 1,054 companies with 1,000 or fewer employees in North America, France, the UK, Germany, Australia and Singapore.
The results are sobering for small- and medium-sized (SMBs). For instance, about one in six organizations infected with ransomware suffer 25 hours or more of downtime; some are crippled for more than 100 hours. Twenty-two percent of infected companies ceased business operations immediately and 15 percent lost revenue. The press release offers numbers supporting the idea that organizations put a high priority on fighting ransomware but that they lack confidence in their ability to do so. Infections spread quickly and, in many cases, the victimized company doesn’t know where the attacks came from.
The survey found that businesses of this size in Europe are harder hit than in the United States and that most companies don’t believe in paying ransomware demands. The most concerned industry is financial services; the least is transportation. About one-third of responding companies use anti-ransomware technology and about the same percentage experienced attacks.
A second recent survey was conducted by Webroot. Cyber Threats to Small and Medium Sized Business in 2017 didn’t jive with the idea that SMBs as a group are particularly alarmed about ransomware. The size of the target group was half of that looked at by Malwarebytes/Osterman survey. This may at least partially account for the difference in findings.
The firm found that 42 percent of companies called ransomware a major external security threat. Perhaps more important than the percentage is the fact that ransomware was fifth on the list of concerns, following distributed denial of service (DDoS) attacks (43 percent), phishing (47 percent), mobile attacks (48 percent), and the catch-all “new forms of malware infections” category (56 percent). It’s unfair to say that SMB owners are discounting ransomware. It seems more likely that fighting it is vying for the limited amount of time and money that can be spent on security.
SMBs arguably are more vulnerable than enterprises. OnMSFT reports that Microsoft is recommending that users remove the SMBv1 file sharing protocol from PCs because it was used by crackers to distribute WannaCry and Petya through networks. It is also used by SMBLoris, a flaw that was announced by RiskSense at the DEF CON hacker conference late last month in Las Vegas. The firm said that it can affect all versions of the SMB protocol and all Windows versions since Windows 2000.
Steps should be taken:
Microsoft is planning to entirely remove the SMBv1 protocol in the Windows 10 Fall Creators Update, so it may be not be as bad as it seems. However, everyone still running older versions of Windows will remain affected by the issue, that’s why it’s strongly recommended to simply disable the SMBv1 protocol.
SMBs are especially vulnerable to attacks because of their limited capabilities and the likelihood that old flaws, which long have been corrected by enterprise IT teams, are still unpatched and dangerous. In the case of ransomware, this mix can be catastrophic.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at [email protected] and via twitter at @DailyMusicBrk.