As ransomware costs increase, along with the effectiveness and use of extortions, smaller businesses are paying the price, according to new data from Webroot.
Small businesses seem to be easy prey for ransomware gangs, according to Webroot’s just-released BrightCloud Threat Report. Whether it’s an assumption (and possible realization) of less-than-adequate security and/or backups in place, or the growing presence of cyber insurance, the SMB is most definitely in the crosshairs of threat actors using ransomware to generate their profits.
According to the report:
- 44% of all ransomware victim organizations were less than 100 employees
- 82% of all ransomware attacks targeted organizations with less than 1,000 employees
- Additionally, 34% of organizations with 21-100 employees experienced malware infections
To make matters worse for the SMB, the average ransom at the end of 2021 was $322K, with a median ransom of $117K – monies most SMBs can’t easily get a hold of to address ransomware attacks.
According to the report, Webroot identified over 4 million *new* high-risk URLs, with just under two-thirds of them being utilized as part of phishing attacks. This reinforces the continual use of phishing as an initial attack vector for ransomware attacks, requiring users within organizations to play a role in helping to stop these attacks. By implementing continual Security Awareness Training, organizations can teach employees to be watchful for phishing attacks, stopping them by simply not engaging with malicious content in emails and on the web.