Ransomware attack is no longer an exclusive happening to strategically significant entities (eg MNCs, listed companies or government bodies) with sophisticated IT network that hackers are targeting for noteworthy payoffs. SMEs, professional services firms, small law and financial services firms are now attractive targets of ransomware specifically for the valuable personal identifiable information, payment data, sensitive company financials or confidential intellectual property. Based on Fitch Ratings, Coveware 1Q20, professional services firms was the top target for ransomware attacks, accounting for 24.9% of all attacks. The top 3 types of ransomwares in these attacks are Sodinokibi, Conti V2 and Lockbit. 

The recent adoption of working from home and digitisation of workplace by companies as a consequence to COVID-19, further accelerated the intensity and proliferation of ransomware attacks. Ransomware attacks increased 485% in 2020 globally, according to Bitfdefender, accounting for nearly one-quarter of all cyber incidents, with total global costs estimated at $20 billion, per Cybersecurity Ventures.

It is expected that the volume, scale and sophistication of ransomware attacks will increase with the shift to hybrid working and ever increasing workplace automation from travel restriction, labour immobility and talent crunch. Criminal prosecution of ransomwares remains low due to the international nature of such crimes as well as the complexity. At the same time, the motivation to engage in any ransomwares is strong, driven by the profit incentives and the delayed ‘catching up’ of the law enforcement.

It is perhaps timely that SMEs start taking a more serious look into ransomwares, specifically how vulnerable is your IT infrastructures in relation to the customer and industry risk profiles, the extent of online or social presence of your business as well as the cyber security mentality of your workers.