IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Fewer Cyber Attacks Are Seeing Ransom Payouts, Report Finds

A newly released report from Connecticut-based IT vendor Datto suggests that only around three out of 100 small- to medium-size businesses hit with ransomware pay cyber criminals to recover their data.

(TNS) — A new study by a Norwalk information technology vendor suggests only three of every 100 organizations pay off the hackers that seize control of their systems in "ransomware" attacks — with the rest choosing to incur significant headaches and expense to recover data, or rebuild otherwise a portion or all of a targeted IT system from scratch.

Datto released survey results on Tuesday covering how small- and mid-size businesses deal with the threats of ransomware, email "phishing" and other methods to infiltrate their systems. The company received about 3,000 responses from survey participants in the United States and seven other countries.

Datto provides data backup and security services, with offices in Norwalk and Miami after being acquired for $6.2 billion last year by Kaseya which is based there. Kayesa itself was the target of a ransomware attack in 2021.

Ransomware attacks involve hackers seizing exclusive access to computer systems or data, and threatening to erase them permanently unless paid a ransom to restore access. In the early weeks of 2023, victims reporting ransomware attacks have included a Toronto children's hospital, the United Kingdom's Royal Mail, and a Norway company whose software is used to manage schedules for more than 1,000 ships globally.

Ransomware attacks impacted 13 percent of smaller businesses in 2022, including attacks on companies that provide them information technology services that cascaded into their own operations.

More than half of respondents indicated recovering from a ransomware attack would have a significant impact, while another 17 percent fear an "extreme" impact with a high difficulty of recovery. Nearly seven of every 10 businesses surveyed by Datto have cyber insurance policies in place, with a third of those that do not considering getting coverage this year.

Connecticut ransomware victims the past few years include the company which manages the call center operations of Access Health CT; the Hartford Public Schools which saw its bus scheduling system attacked on the first day of school in 2020 as normal classes resumed during the COVID-19 pandemic; and public school systems in New Haven the prior year.

If vexing for small businesses and nonprofits that lack the expertise and resources to respond to a ransomware attack, such attacks remain a major concern as hackers may hone in on critical infrastructure in the hunt for a big payoff. In 2021, Connecticut and other Northeast states were affected by a $4.4 million ransomware attack on the operator of the Colonial Pipeline, though much of the ransom was subsequently recovered as the U.S. Department of Justice seized crypto-currency accounts linked to the perpetrators.

And only last week, thousands of U.S. flights were canceled after contractors errantly compromised software code in a key system, providing a fresh reminder of the need for strong cyber defenses and backup systems.

Phishing remains the most prevalent hack to infiltrate business systems, according to the Datto survey, with 32 percent of respondents indicating they had detected such attempts. Close behind ransomware were computer viruses, then scams linked to COVID-19, with 21 percent of survey participants stating employees received fraudulent emails related to COVID.

©2023 the Houston Chronicle, Distributed by Tribune Content Agency, LLC.