Downtime to fix cyber attacks more costly for businesses here than ransom demands

Those hit by ransomware here were also less willing to pay hackers, compared to respondents in other countries.
Those hit by ransomware here were also less willing to pay hackers, compared to respondents in other countries.PHOTO: AFP

SINGAPORE - A third of companies surveyed here who were hit by ransomware over the last year did not know how they were infected, according to a new report that looked at the rising instances of such cyber attacks.

The Second Annual State of Ransomware report, released by security software firm Malwarebytes on Tuesday (Aug 1), also highlighted that the ransom demands were not as damaging as the potential downtime to businesses infected with the malware.

The report, conducted by Osterman Research, surveyed 1,054 small and medium enterprises (SMEs) across six countries and territories: Singapore, France, Britain, Germany, Australia, and North America.

A total of 175 SMEs here across 14 industries, from manufacturing, transport to retail, took part in the survey. This is the first time Singapore is included in the report, which was first launched in 2016.

Only seven per cent of ransom demands here were above $10,000. While the majority of ransom demands were small - about 60 per cent asked for sums of up to $5,000 - the downtime suffered by the businesses was more damaging.

Almost 80 per cent of SMEs surveyed experienced downtime of between an hour and a full day of business operations, with 15 per cent suffering downtime of more than 24 hours.

Furthermore, one-fifth of victims had to stop their business operations immediately, leading to revenue losses from downtime.

The report came months after two major ransomware attacks made waves globally this year. The WannaCry attacks in May took down major institutions such as the National Health Services in Britain, while the NotPetya incidents a month later infected banks, government agencies and transport operators in Europe.

Those hit by ransomware here were also less willing to pay hackers, compared to respondents in other countries. A quarter of businesses surveyed in Singapore opted to pay the hackers' ransom to unlock their files, compared to 43 per cent in Britain and 46 per cent in Australia.

Of those who did not pay the hackers, 33 per cent of them lost their files and information as they could not be decrypted.

"Businesses of all sizes are increasingly at risk of ransomware attacks," said Mr Jeff Hurmuses, Malwarebytes' managing director and area vice-president, APAC.

"However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise. Osterman's findings demonstrate that SMEs are suffering in the wake of attacks, to the point where they must cease business operations."

"To make matters worse, most of them lack the confidence in their ability to stop an attack, despite significant investments in defensive technologies," he added.