Ransomware is poised to cost organizations around the world a combined $1 billion in damages and related expenses annually by the end of this year, according to a new report from Herjavec Group and Cybersecurity Ventures. That’s only the tip of the iceberg, though, as a Datto study indicated downtime currently costs U.S.-based small and medium businesses (SMBs) about $75 billion each year.
According to the “Hackerpocalypse: A Cybercrime Revelation” report from Herjavec Group and Cybersecurity Ventures, there has been an increase in phishing campaigns and ransomware attacks this year, resulting in $209 million in damages to organizations during the first quarter of 2016.
“There is no effective law enforcement for financial cybercrime today,” said Robert Herjavec, founder and CEO of Herjavec Group, in a statement. “Organizations need to increase their defenses and become more resilient because there is no end state in sight for this epidemic. So long as cybercriminals can get paid, with limited risk, attacks will continue. The challenge remains that large enterprises aren’t nearly as agile as their attackers.”
Herjavec Group indicated the rise of crypto currencies and no fear of retribution for their crimes have driven cybercrime activities.
Datto’s survey indicated the downtime caused by cybercrime is costing U.S. SMBs more than $8,500 per hour. The company surveyed more than 1,000 IT service providers in the U.S. and elsewhere. It found that 91 per cent of respondents had clients that were victimized by ransomware in the past 12 months. Forty per cent reported they had seen more than half a dozen separate attacks in that same timeframe.
“Ransomware is not about a couple of hacker kids sitting in the basement and messing around,” said Austin McChord, CEO of Datto, in a statement. “It’s a major enterprise orchestrated by large and well-funded companies, and it’s becoming a massive problem for businesses, regardless of industry or geographical location. Our survey found that a considerable number of businesses experienced business-threatening downtime as a result of being attacked, and that most attacks sailed right past the antiviruses and other measures small businesses think will protect them from such cybercrime.”
On average, ransomware attackers demand between $500 and $2,000 from their small business victims, but more than 10 per cent of respondents indicated they had clients who were asked for much greater ransom sums (larger than $5,000).
It’s not money SMBs can afford to pay. Unfortunately, even if they do meet the demands of cybercriminals, there’s no guarantee their data will be returned safe and sound. About seven per cent of respondents indicated they had seen incidents where the hijacked data was not returned.