New research suggests that SMBs have a long way to go before getting up to speed with today's cyberthreats.
A third of small to medium-sized businesses (SMBs) have no idea what ransomware is or how devastating the malware can be, highlighting a series lack of understanding which could seriously harm today's companies.
According to new research released by antivirus firm AVG on Tuesday, too many businesses are unaware of how dangerous ransomware can be -- and how easily it is to become the latest victim of the malware strain.
Ransomware is a type of malicious code that once executed on your system -- usually through a malicious link or phishing email -- locks your PC, encrypts either your files or hard drive, and demands a ransom payment in return for a decryption key which claims to give you your system back.
One of the latest strains to be detected, MarsJoke, threatens to wipe data if a ransom is not paid within 96 hours. Time-sensitive threats are a common tactic used by ransomware campaign operators to put pressure on victims to pay up, and ransom payments can range from small amounts to hundreds -- or thousands -- of dollars.
As ransomware can be a very lucrative prospect for cybercriminals looking to cash in, unsurprisingly, infections are on the rise. Locky, Cerber and Virlock are only some of the ransomware variants which are being used in active campaigns against entities including hospitals, governments and gamers.
One UK university has reported 21 attacks in the past 12 months alone.
Last year, the FBI received 2,453 complaints about ransomware hold-ups, and out of these cases that were actually reported, the damage cost victims more than $24 million.
"The true scale of the problem is somewhat hard to define though because, understandably, many businesses and organizations are reluctant to reveal they've been held to ransom because of fears about being targeted again, or losing existing or new customers," AVG notes.
In June, the security firm asked almost 400 SMB customers in the US and the UK whether they knew about ransomware. In total, 68 percent of respondents had heard of the term 'ransomware,' but it is the 32 percent -- just over a third -- that had no knowledge which is the concerning factor.
Considering the first recorded attack took place in 2005, which came in the now-common form factor of a fake antivirus message which required payment, 11 years on is a long time to not know about such a dangerous threat to business operations.
To make matters worse, out of the 68 percent of respondents which said they knew what ransomware was, 36 percent gave the wrong answer -- and actually didn't really know what the malware was, or its implications.
If you find yourself a victim of such malware, the first thing to do is research the infection to see if security companies have come up with free decryption tools, including AVG and Kaspersky.
While some tools are available, it takes time to crack updated versions and so you may be out of luck. If none are available, you may have to resort to backups of your data. You might be tempted to pay up; however -- if you do so, you are funding the criminal enterprise, and there is no guarantee you will be given a working key to retrieve your files after paying the ransom.