More than one-third of small and medium-sized businesses have experienced a ransomware attack in the last year, new research found.
On top of that 22 percent of those businesses hit by the attacks had to cease operations immediately, according to a new Malwarebytes report.
Malwarebytes’ “Second Annual State of Ransomware Report” is based on the answers by 1,054 companies from North America, France, the UK, Germany, Australia, and Singapore.
For one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting it caused systems to be down for more than 100 hours.
In addition, among the SMBs that experienced a ransomware attack, 22 percent reported they had to cease business operations immediately, and 15 percent lost revenue.
Seventy-five percent of organizations surveyed place a high or very high priority on addressing ransomware.
Despite these investments, nearly one-half of the organizations surveyed expressed little to only moderate confidence in their ability to stop a ransomware attack.
For 27 percent of organizations that suffered a ransomware infection, decision makers could not identify how the endpoint(s) became infected.
On top of that, over one-third of ransomware infections spread to other devices. For two percent of organizations surveyed, the ransomware infection impacted every device on the network.
The most common source of ransomware infections in U.S.-based organizations was related to email use. In addition, 37 percent of attacks on SMBs in the U.S. were reported as coming from a malicious email attachment and 27 percent were from a malicious link in an email.
In Europe, however, only 22 percent of attacks were reported as coming from a malicious email attachment. An equal number were reported as coming from malicious link in an email.
In terms of paying off the ransom, 72 percent of respondents believe the demands should never be paid.
Most of the remaining organizations believe demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cybercriminals’ ransom demands, about one-third lost files as a result.
Click here to register to download the full report.