The threat landscape for SMB IT is a growing viper pit
If your company’s IT security has NOT changed since 2020, then your risk is rising exponentially.
715% increase in ransomware attacks from 2019 to 2020
—University of South Florida
As a trusted IT partner to small and mid-sized businesses, we take responsibility for keeping our clients protected from cyberattacks. That responsibility entails monitoring general activity so that we can respond proactively to address potential threats before they land on our doorstep.
What we have seen in the past 12 months has truly alarmed us.
Sharpest increase in ransomware activity, damages, and downtime in 2020
We have not seen a steep increase in activity like this in the last 18+ years of our company’s history. The cyber threat landscape climbed one dark milestone after another in the last year.
In mid-2020, the University of South Florida identified a 715% year-over-year increase in ransomware attacks.
Though this year was unprecedented in terms of impact, it has not seen significant change in the structure of the cybercriminal complex. Over the last decade hackers have organized into large entities with all the sophistication of modern software companies.
Agile development and cloud deployment allow these organizations to shift focus very quickly to the most revenue-producing attack trajectories and deploy at scale. Driving the ransomware charge are a handful of ransomware agents: Ryuk, Sodinokibi, and Emotet. These are constantly being adapted to avoid detection by endpoint solutions.
For more context on the rise of cybercriminal organizations see The Humdrum Worklife of Cybercriminals.
For details on Ryuk see The Ryuk Ransomware Spree.
The average ransom payment rose from $36,219 in Q2 2019 to $233,817 in Q3 2020, a 646% increase in 15 months (Coveware).
This statistic is actually a leading indicator of activity in this space. The more money an attack is likely to garner, the more resources and incentive an entity will have to drive the next round of attacks. Thus we would expect the number of attacks to continue to increase well into 2021.
There are a few reasons for the increase in the average payment. Some are temporary and will lead to volatility in this area. In 2020 most organizations were taken by surprise when they could not log into their systems and received a ransom note. Panicking, many shelled out the ransom. However, the last quarter of 2020 saw a decline in average payments, down to $154,108 (Coveware). Coveware stated in its Q4 report:
Ransomware groups continue to leverage data exfiltration as a tactic. However, the trust that stolen data will be deleted is eroding; defaults are becoming more frequent when exfiltrated data is made public despite the victim paying. As a result, fewer companies are giving in to cyber extortion when they are able to recover from back ups. This inflection led to a large decline in average ransom amounts paid.
— Coveware Q4 2020
Unfortunately, we do not expect this positive change to set a new trend. Already we are seeing the most sophisticated attacks also breaching backups to take away this stop-gap measure from their victims. We believe these standoff situations have contributed to the increase in average downtime from ransomware incidents, from 9.6 days to 21 days between Q2 2019 and Q3 2020, a 219% increase in 15 months (Coveware).
It is also important to mention that there has been a fundamental increase in the value of IT functionality. Covid-19 also changed consumer behavior at an unprecedented rate, and the Internet took a more dominant role as a customer communications and payment platform. If IT is worth more than it was a year ago, then its ransom is also worth more.
Read Ryuk Ransomware Cripples US Hospitals — Crosses the Line to see how hacker orgs are transitioning to even more devastating, immoral tactics.
What does the ransomware spike mean for SMBs?
Many SMBs try to diminish the threat level with the belief that they are too small to be targeted. That is unfortunately not true. 28% of attacks target small businesses (Verizon 2020 Data Breach Report). While their size and stature do suggest they will not be targeted by the most sophisticated attacks, they are common victims.
But smaller businesses do not have the resources to deal with the ransom or the downtime like larger organizations. If breached, many of our clients might be forced to consider bankruptcy. We cannot let that happen on our watch.
Platte River Networks is taking and will take further action to protect our clients
We have done an excellent job over our history of securing our clients because we have consistently improved our security posture over the years. We already have some good tools and best practices in place, but we need to reprioritize security in order to keep our clients safe as the threat level rises. We will be contacting all our clients in the near future to discuss additional security improvements that may be required in order to protect your business. If you are not a client and want to have a conversation on how to immediately improve your security posture, please don’t hesitate to contact us.