Ransomware and SMB’s: It’s No Longer a Question of If, But When
In September 2017 Datto released its 2nd Annual State of the Channel Ransomware Report. In this, the most extensive study of its kind, researchers surveyed over 1700 Managed Service Providers (MSPs) who support over 100,000 small-to-mid-sized businesses (SMBs) around the globe.
The report presents the survey’s key findings and includes significant detail on ransomware trends, targets, impact, and frequency and offers recommendations to ensure recovery and business continuity as the threats accelerate.
The following list highlights some of the report’s leading observations, insights, and trends:
TARGETS: Small and Medium Businesses
- Attacks focus on the most vulnerable – SMBs.
- MSP’s surveyed report that 79% of their clients have experienced a recent ransomware attack.
Hackers demand relatively “reasonable” amounts (from a few hundred to a few thousand dollars) from SMB’s, to guarantee a payout. Of the 35% of SMBs that paid the ransom 15% did not recover their data. And globally, businesses paid 301M to ransomware hackers last year.
Most of the financial strain, however, occurs not as the result of the ransom demanded by malicious hackers, but because of the resultant downtime and data loss.
- SMB’s represent most of all businesses worldwide, and approximately 5% of these SMBs fell victim to ransomware over 2016 -2017.
- Sectors targeted most by ransomware include construction, manufacturing, healthcare, professional services, and finance although no industry, operating system or device is safe from these attacks.
- Software as a Service (SaaS) applications continue to be a growing target for ransomware attacks with Dropbox, Office 365 and G Suite most at risk.
- Mobile and tablet attacks are also on the rise.
TRENDS: MSPs predict a 99% increase in attacks globally over next two years
- Six out of seven MSPs have seen ransomware among their customers this year and predict a 99% increase in such attacks globally over the next two years.
- 75% of MSPs report clients experiencing business-threatening downtime as a result of ransomware attacks. (Robert Gibbons, Chief Technology Officer, Datto.)
- Most of the financial strain, the survey found, occurs not as the result of the ransom demanded by malicious hackers, but because of the resultant downtime and data loss.
- 86% of MSPs said ransomware victimized their small business clients within the last two years.
- 21% report six or more SMB attacks in the first half of 2017 alone
- 26% of MSPs cited multiple attacks against clients in a single day.
- 30% of MSPs say that a ransomware virus remained on a SMBs system after the first breach, and struck again at a later time.
- More attacks are being reported to authorities (1 in 3 in 2006-2017 versus 1 in 4 the previous year), but the majority of attacks are not.
- Datto strongly advises against paying the ransom.
Why are SMBs more vulnerable to attacks?
The majority of SMBs are still “in the dark” about ransomware awareness. 90% of MSP respondents cited they are “highly concerned” about the business threat of ransomware, but only 38% of small business clients felt the same.
MSPs reported that the leading cause of ransomware infections could be the lack of mandatory cyber security training across small businesses.
What are the most common ransomware variants?
85% of MSPs report seeing Cryptolocker, which is still the most common ransomware variant – but new more aggressive strains emerge every day including Cryptowall and Locky. WannaCry was a later addition.
What can SMBs do to protect themselves?
Backup is essential because ransomware outsmarts today’s top security solutions.
The majority of Anti-virus software products, email/spam filters, ad blockers, and regularly updated applications do not successfully stop or eradicate infections, say MSPs.
Although a layered approach to security is extremely important the most effective protection from ransomware is a backup and disaster recovery (BDR) solution followed by cyber security training.
With a reliable backup and disaster recovery solution (BDR) in place, MSPs say that 96% of SMBs will fully recover from ransomware attacks.
Read the full report:
Download the 2nd Annual State of the Channel Ransomware Report.
Protect your SMB now:
To find out more about protecting your SMB against ransomware, or if you have an emergency, question or just need advice, please contact us at Netcetera.