Many small and medium-sized businesses (SMBs) operate under the assumption that cybercriminals won’t target them, believing their data or systems lack the value to entice hackers. After all, these businesses often can’t afford the hefty ransoms that typically interest cyber attackers. However, this misconception is increasingly outdated. Hackers have shifted their tactics and are now eyeing SMBs as prime targets.
According to a report by Dark Atlas, a web monitoring platform, cybercriminal groups, particularly those behind Akira Ransomware, have broadened their focus to include smaller businesses, launching double-extortion attacks. In these attacks, cybercriminals not only encrypt a company’s data but also steal it, threatening to release sensitive information unless a ransom is paid.
In 2024 alone, the Akira Ransomware group targeted over 350 organizations globally, generating an estimated $42 million in ransom payments. The majority of this money came from victims in North America.
How These Attacks Work
The method used by these cybercriminals is relatively simple yet effective: they exploit stolen credentials to infiltrate networks that rely on basic, single-factor authentication for security. Once inside, they deploy file-encrypting malware, locking up critical data and demanding a ransom for its release.
The primary targets are SMBs, often with fewer than 100 employees, who typically lack the robust IT resources needed to prevent or respond to such sophisticated attacks. Without dedicated cybersecurity teams, these businesses are particularly vulnerable, leaving them with little choice but to pay the ransom.
Key Targets and Profitable Regions
Research from Dark Atlas indicates that Akira Ransomware’s main targets in 2024 were organizations in North America, Europe, and Australia, where the value of cryptocurrencies against the dollar is high, maximizing the criminals’ profits. Sectors such as education, finance, healthcare, and manufacturing were hit the hardest, with some organizations in the defense industry also affected.
Should You Pay the Ransom?
While paying the ransom might seem like the quickest way to regain access to locked data, experts warn against it. Not only does paying ransom fuel further criminal activity, but it doesn’t guarantee that the attackers will actually provide the decryption key. Additionally, once a company has been attacked, it’s possible that they could be targeted again, especially if security vulnerabilities aren’t addressed.
Ad
Join our LinkedIn group Information Security Community!
