MonsterCloud Conducts Ransomware Survey and Discovers How Small Businesses are Particularly Vulnerable

A typical Monday morning. I get to the office early to get a jump on a busy week. A number of big clients were expecting big proposals and contracts, which had been promised, “absolutely on time.”

At 5:30 AM, I turn on the lights, start the coffee and login to my account.

Access Denied: Your files have been encrypted.  In order to gain access to your companies’ files, you must pay us $5000. We will then send you a decryption key.  If you do not pay us within 24 hours, we will destroy the encryption key and distribute your companies’ files across the internet. Imagine the cost of being in Breach of Contract for every client you’ve ever had and never being able to get to your files again. The ransom is nothing in comparison. Pay Up. Quick.

Ransomware is perhaps the most dangerous computer virus threat to businesses of all sizes; and as recent MonsterCloud research and survey reveals, small businesses are perhaps much more susceptible to this insidious computer virus than large and mid-sized enterprises. 

Ransomware is a computer malware that installs covertly on a victim’s computer, often by tricking a victim with a deceptive email, sneaking into any device, piggybacking on an otherwise harmless download and other means, always without the user’s knowledge. The Ransomware virus then executes a cyber-attack that typically encrypts the files and/or locks the computer. The perpetrators then demand a ransom payment to decrypt it or not publish it on the internet, as described by Wikipedia.

The financial impact of Ransomware on business is massive. According to a May, 2016 article in The Washington Times, an FBI report indicated that Ransomware infections caused more than $1.6 million in losses last year for individuals and businesses. Undoubtedly, for small businesses, Ransomware can do more than just financial harm. There is also real reputation risk and even the possibility of going out of business.

The impact of Ransomware to large and mid-sized businesses has been studied. In fact, a Malwarebytes’ survey, conducted by Osterman Research, found that nearly 80 percent of large organizations have been the victim of cyber-attack during the past 12 months and nearly 50 percent have been the victim of Ransomware (as of August 2016). MonsterCloud, who provides IT managed services to growing businesses, was curious about the impact of Ransomware to small businesses, defined as companies with 49 or fewer employees.

MonsterCloud sent a survey to thousands of businesses to gain insights into their understanding of Ransomware and the potential impact this computer virus could have on their business. Hundreds of businesses responded to survey. The findings reveal the incredible vulnerability of small business.

“Luckily the phones worked. I woke up our operations manager, who also acts as our IT guy. He had never heard of Ransomware and had no idea what I was talking about. He certainly didn’t know what to do. He said he’d be here in an hour. I told him to Google ‘Ransomware’ from home because the office computers were down. That would give me time to prepare for the client backlash. I found a pen and paper and started scribbling an apology letter and a list of clients who were counting on us. I scrambled to find a phone book to look up their numbers, then I realized that many clients weren’t even in our local area.”

The MonsterCloud survey found that one key difference between large and mid-sized companies and small businesses is that only 17% of small businesses have a dedicated, full-time IT person, much less an IT team. These small businesses typically rely on a go-to person who is partially dedicated to managing the companies’ IT assets such as networks, security, data backup and phone systems. This lack of IT personnel alone creates incremental risk for small businesses as their skills and knowledge around preventing Ransomware is extremely limited at best.

Dedicated IT Personnel by Company Size
Dedicated IT Personnel by Company Size

In researching Ransomware, MonsterCloud finds large enterprises to be much more aware and prepared to handle the computer virus. The MonsterCloud survey found that 100% of large companies were aware of the Ransomware threat and had taken incremental precautions to protect themselves against the virus.  Comparatively, most (91%) mid-sized companies had taken precautionary steps against Ransomware, but only 15% of small businesses could say the same thing.

Aware of Ransomware & Taken Precautionary Steps
Aware of Ransomware & Taken Precautionary Steps

In the survey, MonsterCloud  found that less than 1% of small businesses indicated they had fallen victim to Ransomware, a relatively small number compared the 50% of large companies indicating an attack in the Malwarebytes’ survey. While less than 1% might seem irrelevant, there are in fact nearly 28.2 million small businesses in the US (US Small Business Administration, 2011). So hundreds of thousands of small businesses could be at risk. “Small businesses are like a wondering herd of unattended sheep with wolves <Ransomware> hiding in every shadow waiting to get an easy meal,” said Zohar Pinhasi, MonsterCloud CEO.

Businesses Fallen Victim of Ransomware
Businesses Fallen Victim of Ransomware

The risk of Ransomware to small businesses is increasingly coming into focus. In June of 2016, the Infosec Institute, examined Ransomware and its impact on small businesses. The article notes, that “small businesses are usually the primary targets of Ransomware attacks. And the reasons are not farfetched. Small businesses usually lack sophisticated computer defenses thus making them very vulnerable. An overwhelming majority, some reports by Intel says as much as 80%, of these small and medium scale businesses, don’t employ data protection or email security.”

MonsterCloud feels the overall lack of awareness to the Ransomware issue, the lack of precautionary steps taken by small businesses, and simply the sheer large number of small businesses, likely make small businesses easy prey and the primary target for Ransomware perpetrators. MonsterCloud predicts small businesses will increasingly fall to Ransomware attacks. 

As it turns out, the operations manager and part-time IT guy found MonsterCloud via Google. They removed the Ransomware virus.  In victory, “I shredded the client apology letter.  We all sleep a lot better now, knowing we’re well protected by the 24-hour professional watchdogs at MonsterCloud.”

About MonsterCloud

MonsterCloud provides all-in-one managed IT services for growing businesses at small business prices on a secure private cloud platform. The IT outsourcing company also provides cyber security solutions, which include Removal of the Ransomware virus.  Zohar Pinhasi, CEO of MonsterCloud, is a cyber security expert and ethical hacker who is often in the media providing expert insights into the threat of Ransomware and other cyber-attacks.

About the Ransomware Survey

MonsterCloud surveyed 284 companies in the US in October 2016. The survey classified large business as 250 plus employees, mid-sized business as 50 to 249 employees, and small business as 49 or less employees, consistent with many published definitions. The vast majority of large and mid-sized business respondents were IT vice presidents, IT directors or IT managers. The vast majority of small business respondents were owners, presidents, vice presidents, IT personnel or office managers. A total of 14 questions were included in the survey.

The small business sales manager and office manager are based on true experiences of MonsterCloud customers.