Ransomware attacks increased 41% in 2019. Ransom demands in Canada for 2019 totaled $341 million CAD, but when downtime and indirect costs were factored in this number rose to $2.3 billion CAD in costs. In 2020, we continue to see small and mid-sized businesses impacted by ransomware in big ways. In this article, we will explain what ransomware is, how common it is, and if you can remove ransomware.
What is Ransomware?
Ransomware is a form of malware that infects your computer and will often display messages demanding payment in order for you to regain access to your system. Data is locked and held hostage until the ransom has been paid and the user gets a decryption key.
It is a criminal moneymaking scheme that is commonly done through sending unsolicited emails. Typically in these emails there will be attachments, like a PDF or Word document, that is used to deliver the malware.
It is not recommended to pay the ransom as this won't always guarantee your data is restored, and could show the criminals that your business is one worth targeting again in the future. However, getting rid of ransomware legally can be an expensive process, leading many small business to pay ransoms more than once.
Where Did Ransomware Come From?
Ransomware is said to have originated in 1989 when Joseph L. Popp (know as the "father of ransomware") sent 20,000 infected diskettes, labeled "AIDS Information - Introductory Diskettes" to attendees of the World Health Organization's international AIDS conference held in Stockholm.
The diskettes encrypted the names of the files on user's computers, and required payment of $189 to regain access.
How Common is Ransomware?
It difficult to find exact statistics about ransomware because it is not required to report attacks.
However, from the information that has been reported it's been found that:
- In the US, nearly 1000 organizations were impacted by ransomware attacks in 2019,
- Downtime as a result of ransomware is up 200%,
- Ransomware attacks increased 41% in 2019,
- 71% of companies targeted by ransomware attacks have actually been infected,
- 50% of successful ransomware attacks infect at least 20 computers at a company,
- A ransomware attack will now target businesses every 11 seconds, and
- The healthcare sector is typically the most targeted with small and medium sized businesses as the next primary targets.
What is the Average Ransomware Payout?
By the end of 2019, the average ransomware payout increased to $84,116 USD. This was a 104% increase from Q3 of 2019 where the average payout was $41,198 USD.
Ransom demands in Canada for 2019 totaled $341 million CAD, but when downtime and indirect costs were factored in this number rose to $2.3 billion CAD in costs.
However, because ransomware is under-reported, these estimated are likely lower than the true total.
Why Are Small Businesses Targeted?
Approximately 20% of ransomware victims were SMBs in 2019.
- Many small business owners think they are too small to be targeted,
- Most attacks the media covers are for large businesses which makes small businesses unaware of the risks they face,
- A lack of policy around computer use,
- Not backing up data properly makes them vulnerable, and
- It can be a high stress environment which leads to quick reactions when emails come in.
Can You Remove Ransomware?
Ransomware can be complex, meaning you can't simply remove it like other forms of malware.
Certain ransomware programs will delete themselves after a set period of time, or can be removed by certain antivirus software.
On Android phones, certain types of ransomware can be removed by performing a factory reset.
Depending on the type of attack, a different course of action will be required. Ransomware can typically be removed, but it is best to consult a cyber security team for your exact case.
In the event of a ransomware attack: disconnect your computer from the network and any attached storage systems (USB sticks of external hard drives), take a photo of the message displaying on your screen, and seek help.
How Long Do Ransomware Attacks Last?
The average length of a ransomware attack is now 16.2 days. This is up 12.1 days from the third quarter of 2019.
Depending on the severity of the attack, this duration can vary widely.
To learn more about ransomware and cyber security for small businesses, listen to our podcast episodes below. Cyber security expert, Dominic Vogel, breaks down the risks small businesses face and offers solutions you can start to implement today.
Each episode also has a transcript available, click the images below to be taken to it.
Listen to Part 1:
Listen to Part 2: