Most Singapore SMBs won't pay ransomware demands

Some 62 percent of small and midsize businesses in the country believe ransomware demands should be ignored, despite one in six experiencing downtime of at least 25 hours during an infection.
Written by Eileen Yu, Senior Contributing Editor

Most small and midsize businesses (SMBs) in Singapore do not believe in paying off ransomware demands, despite one in six having experienced downtime lasting more than 25 hours during such attacks.

Compared to 59 percent globally, 62 percent in Singapore said ransomware demands should never be paid, while the majority of the remaining SMBs here said such demands should be paid only if the encrypted data was of value to the organisation. Some 33 percent of those that opted not to pay lost files as a result, according to a study conducted by Osterman Research and commissioned by Malwarebytes.

The study polled 1,054 SMBs in Singapore, France, Germany, Australia, North America, and the UK, with 174 respondents from Singapore.

Thirty-five percent of SMBs in the city-state revealed they had suffered a ransomware attack over the past year, of which 21 percent had to immediately halt all business operations. Another 11 percent lost revenue as a result of the attack, often from paying off ransomware demands.

Some 53 percent said ransomware demands were less than US$1,000, while 7 percent said such sums totalled more than US$1,000.

Amongst companies affected by ransomware, 61 percent incurred downtime lasting more than nine hours as a result of just one incident. Another 15 percent said a ransomware infection triggered downtime of at least 25 hours. Further, among SMBs that experienced a ransomware attack, 21% reported that they had to cease business operations immediately, and 11% lost revenue.

And while 73 percent ranked the need to address ransomware as high or very high priority, just 9 percent expressed confidence they could stop such attacks. Another 30 percent admitted they were unable to identify how they were infected and 20 percent said such attacks spread to other devices.

"Businesses of all sizes are increasingly at risk for ransomware attacks, [but] the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise," said Jeff Hurmuses, Malwarebytes' Asia-Pacific managing director and area vice president. "SMBs are suffering in the wake of attacks to the point where they must cease business operations. To make matters worse, most of them lack the confidence in their ability to stop an attack, despite significant investments in defensive technologies. "

Editorial standards