author photo
By Bruce Sussman
Wed | Oct 16, 2019 | 9:19 AM PDT

Hackers are raising their prices significantly as they become bolder in their ransomware attacks on small and medium-sized businesses (SMBs).

That's a key piece of data we walked away with after reading fresh research from IT managed services provider Datto. The company surveyed 1,400 MSPs and partners, and here is what they uncovered about ransomware attack trends.

Ransomware attacks against SMBs, new data

The research revealed that the average ransom that hackers are demanding from SMBs is climbing. In fact, it rose 37% in a single year. Here is the breakdown.

  • Average SMB ransom demand in 2018: $4,300
  • Average SMB ransom demand in 2019: $5,900

Ransomware attacks: paying the ransom is a bargain, if it works

Forget the ethics of paying cybercriminals for a moment. Let's just talk dollars and cents here. The report found the following:

  • The cost of ransom, on average, is 23 times cheaper than the cost of downtime per incident.
  • The downtime cost per ransomware attack is reported to be $141,000 in the United States and $180,000 in Canada.

Again, those are just pure numbers. Here are other things to consider.

For example, paying the ransom can increase your odds of being attacked again. Hackers know you will pay, right? Think about this in business terms. Who is most likely to buy your product or service? Often, it is those who have bought your product previously.

Also, the FBI claims you have about a 50-50 shot at getting decryption keys that do not work. 

At the very least, take an idea from the City of Valdez, Alaska, and run with it. City leaders demanded proof of concept from hackers before paying the ransom. Watch the video:

Ransomware_Paid_Example_Valdez_SecureWorld

And even if you become resigned to the idea of paying the ransom, are you set up to do it quickly? It takes time to acquire and then be able to send cryptocurrency to an attacker.

Ransomware disconnect: most SMBs do not see the threat coming

One of the most disturbing findings of the research shows that most small and medium-sized businesses still do not seriously consider themselves to be a valuable ransomware attack target. Only 28% claim to be "very concerned" about ransomware.

But the MSPs that help them with their IT certainly do. And this leads to a significant disconnect between them:

datto-ransomware-disconnect

Free resources on ransomware defense and cybersecurity

If your organization is hit by ransomware, you should also consider the free resources available at the No More Ransom Project.

Also, watch the complimentary SecureWorld web conferences for strategies to protect your organization and build a security awareness program, which is a key part of ransomware defense.

Because the cost of getting hit by a ransomware attack is headed up—whether you are expecting the attack or not.

[RELATED: Ryuk Ransomware Attacks and How They Work]

Tags: Ransomware,
Comments