Shift in ransomware tactics affecting SMBs

September 22 – Emerging research highlights a shift in ransomware tactics. Attackers are now focusing on smaller, less well-defended organizations, rather than larger “big game” targets.

As with any for-profit organization, ransomware gangs intend to increase profits while minimizing overhead and expenses. Ransomware operators know that larger organizations have spent hefty sums on ransomware prevention, while smaller businesses aren’t so likely to have followed suit.

Ransomware SMB targets

Although the profits derived by hitting an SMB with ransomware might be smaller than what attackers could gain by attacking a larger organization, the certainty around profits holds immense appeal.

Research shows that in the second half of 2022, there was a 47% increase in the number of new ransomware victim organizations, many of which were small-to-medium sized enterprises with relatively weak security measures.

This year, the infamous LockBit ransomware gang has primarily targeted organizations with fewer than 200 employees. BlackCat and Clop are also focused on small businesses.

Smaller ransomware attackers

Researchers have also noticed that an increasing number of small ransomware gangs are operating alongside those with well-known monikers.

This shift is partially due to leaked source codes from groups like LockBit and Conti, which have enabled other actors to develop new ransomware variants.

Trends insights

Only 14% of small-to-medium sized businesses have a cyber security plan in place, despite the fact that SMBs account for 43% of cyber attacks annually.

On average, SMBs lose $25,000 per serious cyber disruption.

Take action

To address these threats and to bolster overall resilience, consider exploring these CyberTalk.org resources:

For further ransomware and SMB information, click here. Lastly, to receive timely cyber security insights and cutting-edge analyses, please sign up for the cybertalk.org newsletter.