Report: SMBs paid $301M to ransomware hackers last year

About 5% of SMBs fell victim to ransomware attacks in the past year, leading to financial strain from downtime and data loss, according to a new survey from Datto.

Small- and medium-sized businesses (SMBs) paid ransomware hackers $301 million in 2016 to decrypt critical files--and 99% of MSPs predict that these attacks will continue to rise in the next two years, according to Datto's State of the Channel Ransomware Report, released Thursday.

Some 97% of the 1,700 managed service providers (MSPs) surveyed reported that ransomware is becoming more and more frequent for their SMB partners. About 5% of all SMBs fell victim to a ransomware attack in the past year, the report found. And most of the financial strain caused by these attacks is not due to the ransom itself, but the resulting downtime and data loss.

"The impact of downtime affects SMBs far more than the cost of ransom requests," said Robert Gibbons, CTO of Datto, in a press release. "Seventy-five percent of MSPs reported having clients who experienced business-threatening downtime as a result of a ransomware attack."

The majority of ransomware attacks are not reported to authorities: From 2016 to 2017, slightly less than one in three SMB ransomware attacks were reported--an improvement from less than one in four from 2015-2016, the report noted.

SMBs often pay the price, as they may not have the means to combat these threats. However, fewer are doing so: Only 35% of MSPs reported that SMB victims actually paid the ransom in 2017, down from 41% in 2016. Some 15% of those that did not pay this year did not recover their data. Nearly half of respondents reported that the ransom request is typically between $500 and $2,000.

The industries most targeted by cybercriminals were construction, manufacturing, healthcare, professional services, and finance, the report found. Software as a Service (SaaS) applications are a growing target for attack, with Dropbox, Office 365, and G Suite most at risk. Mobile and tablet attacks continue to rise as well.

CryptoLocker remains the most popular strain of attack, followed by CryptoWall, Locky, WannaCry, and CBT Locker.

However, 96% of SMBs with a backup and recovery solution in place fully recovered from ransomware attacks, the report found.

"No single defense solution is guaranteed to prevent a ransomware attack," said Dale Shulmistra, president of Invenio IT, in the press release. "The most effective means for business protection from ransomware is a backup and disaster recovery (BDR) solution, followed by cybersecurity training."

Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.

  • SMBs paid ransomware hackers $301 million in 2016 to decrypt business files. -Datto, 2017
  • 99% of MSPs predict that ransomware attacks will continue to rise in the next two years. -Datto, 2017
  • 96% of SMBs with a backup and recovery solution in place fully recovered from ransomware attacks. -Datto, 2017