Get a FREE Dark Web Scan

    The True Cost of Downtime from Ransomware Attacks

    Highlights

    Businesses must prepare the front line of defense: your employees.

    • Today’s companies must provide regular and mandatory cybersecurity training to ensure all employees are able to spot and avoid a potential phishing scam in their inbox, a leading entrance point for ransomware.

    Businesses must leverage multiple solutions to prepare for the worst.

    • Today’s standard security solutions are no match for today’s ransomware, which can penetrate organizations in multiple ways. Reducing the risk of infections requires a multilayered approach rather than a single product.

    Businesses need a continuity strategy.

    • There is no sure fire way of preventing ransomware, although antivirus, perimeter protection, and patch management are essential. Businesses should focus on how to maintain operations despite a ransomware attack. A solid, fast, and reliable business continuity and disaster recovery solution is one part of that strategy. Since ransomware is designed to spread across networks and SaaS applications, endpoint and SaaS backup solutions designed for fast restores are also critical. 

    Businesses need a dedicated cybersecurity professional to ensure business continuity.

    • SMBs often rely on a “computer savvy” staff member to handle their IT support and not an IT expert. If a company cannot afford a complete IT staff for 24/7 cybersecurity monitoring, they should be leveraging a managed service provider (MSP) who has the time and resources to anticipate and protect a company from the latest cybersecurity threats.

    Deeper Dive

    Datto surveyed more than 1,400 managed service providers (MSPs) around the world about ransomware. The results in the report provide unique visibility into the state of ransomware from the perspective of the IT Channel and their SMB clients who are dealing with these infections on a daily basis.

    The report provides a wealth of detail on ransomware, including year-over-year trends, frequency, targets, impact, and recommendations for ensuring recovery and continuity in the face of the growing threat. 

    In this report, you will find:

    • New data on ransomware attack frequency across SMBs and MSPs
    • The true cost of downtime from ransomware attacks
    • Ransomware defense measures global MSPs are implementing
    • Popular ransomware recovery methods from your peers
    A Variety of Malware Targeting SMBs

    Key Findings

    • Ransomware remains the most prominent malware threat. In 2019, 85% of MSPs report ransomware as the most common malware threat to SMBs.
    • In the first half of 2019 alone, 56% of MSPs report attacks against clients. 15% of MSPs report multiple ransomware attacks in a single day.
    • On average, 1 in 5 SMBs report that they’ve fallen victim to a ransomware attack. SMBs who don’t outsource their IT services are more at risk.*
    • When it comes to the ransomware threat, there is a disconnect between MSPs and SMBs. 89% of MSPs are “very concerned” about the ransomware threat and 28% report their SMB clients feel the same.
    • MSPs rank phishing emails as the leading cause of successful attacks. Lack of cybersecurity training, weak passwords, and poor user practices are among the other top causes. 
    • The aftermath of a ransomware attack can be a nightmare for any business. Nearly half of MSPs report victimized clients experienced business-threatening downtime.
    • The average ransom requested by hackers is increasing. MSPs report the average requested ransom for SMBs is ~$5,900, up 37%, year-over-year.
    • Downtime costs are up by 200% year-over-year, and the cost of downtime is 23X greater than the average ransom requested in 2019.
    • 92% of MSPs report that clients with BCDR solutions in place are less likely to experience significant downtime during a ransomware attack. 4 in 5 MSPs report that victimized clients with BCDR in place recovered from the attack in 24 hours, or less.
    • SMBs aren’t the only businesses being targeted by hackers. 4 in 5 MSPs agree that their own businesses are being increasingly targeted by ransomware attacks. 

    *Source: Strategy Analytics’ proprietary research of the North American SMB market. 

    A Variety of Malware Targeting SMBs

    Which of the following types of malware have affected your business in the last 2 years? 

    • 61% of MSPs report SMBs struck by viruses 
    • 54%of MSPs report SMBs struck by adware 
    • 46%of MSPs report SMBs struck by spyware 
    • 29% of MSPs report SMBs struck by cryptojacking 
    • 26% of MSPs report SMBs struck by remote access trojans 
    • 20% of MSPs report SMBs struck by rootkits
    • 18% of MSPs report SMBs struck by worms
    • 14% of MSPs report SMBs struck by keyloggers
    • 13% of MSPs report SMBs struck by exploit kits 

    *Survey respondents were able to select multiple answer choices. 

    Ransom, Downtime Costs, Skyrocket 

    Ransom, Downtime Costs, Skyrocket

    When it comes to ransomware attacks, MSPs report the cost of downtime is 23X greater than the ransom requested 

    Average Ransom 

    • MSPs report the average cost of ransom increased by 37% from previous year
    • In 2018 it was $4,300; in 2019 it was $5,900  

    Average Cost of Downtime 

    • The average downtime cost per incident has soared over 200% from previous year 
    • In 2018 it was $46,800; In 2019 it was $141,000 

    Ransomware is #1 Malware Threat to SMBs 

    Ransomware is #1 Malware Threat to SMBs

    Among the malware threats impacting SMBs, ransomware is the biggest offender. 

    • 85% of MSPs report attacks against SMBs in the last two years 
    • In the first half of 2019 alone, 56% of MSPs report attacks against clients 
    • 15% of MSPs report multiple ransomware attacks in a single day 

    The State of Ransomware and SMBs 

    The State of Ransomware and SMBs

    1 in 5 SMBs report that they’ve fallen victim to a ransomware attack.*

    On average, SMBs who don’t outsource their IT services report facing more ransomware attacks.* 

    *Source: Strategy Analytics’ proprietary research of the North American SMB market. 

    Ransomware Continues to Creep Past Cybersecurity Solutions 

    MSPs report clients fell victim to ransomware despite having implemented the following: 

    Ransomware Continues to Creep Past Cybersecurity Solutions
    • Antivirus software
    • Email/spam filters
    • Ad/pop-up blockers
    • Endpoint detection and response platform 

    Traditional cybersecurity solutions like antivirus and email/spam filters are no match for many cyber attackers. MSPs need to take a multilayered approach to ransomware, with business continuity at the core. 

    CryptoLocker Remains Household Name 

    Which of the following strains of ransomware have affected your clients? 

    For the 4th consecutive year, MSPs report CryptoLocker as the top ransomware variant attacking clients. 

    • 66%of MSPs report CryptoLocker 
    • 49%of MSPs report WannaCry 
    • 34%of MSPs report CryptoWall 
    • 24%of MSPs report Locky 
    • 17% of MSPs report Petya
    • 14% of MSPs report CryptXXX
    • 12% of MSPs report notPetya
    • 11% of MSPs report TeslaCrypt
    • 10% of MSPs report Emotet (NEW)
    • 7% of MSPs report CBT Locker
    • 7% of MSPs report TorrentLocker
    • 7% of MSPs report CrySis
    • 6% of MSPs report Bad Rabbit
    • 5% of MSPs report Wallet (NEW)
    • 4% of MSPs report CoinVault 
    Which of the following strains of ransomware have affected your clients?

    *Survey respondents were able to select multiple answer choices. 

    Industries Rocked by Ransomware 

    32% of MSPs report Construction and Manufacturing most targeted by ransomware 

    It’s not surprising that Construction and Manufacturing are top targets for ransomware. These industries are in a constant wave that flows with the ups and downs of the economy. Because of this, much of their work is project-based and recurring revenue is rare. As a result, it makes it difficult to invest in IT staffing or IT services that require monthly fees. 

    Industries Rocked by Ransomware
    31% Professional Services12% Real Estate6% Media/Entertainment
    23% Healthcare9% Architecture/Design4% High Technology
    20% Finance/Insurance9% Government 4% Energy/Utilities
    18% Non-Profit8% Education2% Telecom
    18% Legal7% Consumer Products11% Other/None 
    15% Retail5% Travel/Transportation

    Windows Endpoint Systems Most Targeted by Hackers 

    89% of MSPs report ransomware infecting endpoint systems. Of the 89%… 

    87% of MSPs report attacks on Windows PC
    • 87% of MSPs report attacks on Windows PC  
    • 11% of MSPs report attacks on Windows Tablet
    • 7% of MSPs report attacks on MacOS X
    • 5% of MSPs report attacks on Android
    • 3% of MSPs report attacks on iOS 

    *Survey respondents were able to select multiple answer choices. 

    Ransomware Descends Over Office 365 

    28% of MSPs report ransomware attacks in SaaS applications. Of the 28%:

    • 64% of MSPs report attacks within Office365 (up from 49% in 2018) 
    • 47% of MSPs report attacks within DropBox
    • 18% of MSPs report attacks within G Suite
    • 6% of MSPs report attacks within Box
    • 2% of MSPs report attacks within Salesforce

    SMBs report 11% to 50% of their IT infrastructure is based in the cloud. This is expected to increase over the next 3 years, where most expect 21% to 75% to be in the cloud.** 

    *Survey respondents were able to select multiple answer choices.

    **Source: Strategy Analytics’ proprietary research of the North American SMB market. 

    Most Common Ransomware Recovery Methods 

    Which methods have you used to recover a client from a ransomware infection? 

    • 69% of MSPs report reimaging a machine 
    • 53% of MSPs report virtualizing the system from a backup image 
    • 37% of MSPs report running software to cleanup threat 
    • 16% of MSPs report downloading a purpose-built software tool designed for ransomware recovery
    • 15% of MSPs report relying on endpoint antivirus to recover
    • 12% of MSPs report finding a decryption key 

    *Survey respondents were able to select multiple answer choices. 

    BCDR Ranked Most Effective to Combat Ransomware 

    BCDR is ranked the #1 solution by MSPs. 

    No alt text provided for this image
    • Business Continuity and Disaster Recovery (BCDR) Employee training
    • Patch management
    • Unified threat management
    • Identity and access management solution Antivirus / Anti-malware software
    • Email / Spam filters
    • Endpoint / Mobile management platform Browser isolation
    • Endpoint detection and response platform (NEW!) 

    Traditional antivirus solutions are only effective for detecting threats that have been seen before, and ransomware is good at evading these detection engines. Endpoint detection and response software looks at how processes interact with an operating system, and call out or prevent activities that look and behave like malware. 

    With BCDR, Ransomware Recovery 4X More Likely Than Without 

    92% of MSPs report that clients with BCDR products in place are less likely to experience significant downtime from ransomware 

    • With BCDR, 4 in 5 MSPs report clients fully recovered in 24 hours, or less 
    • Without BCDR, less than 1 in 5 MSPs report clients were able to do the same 

    MSPs Report Ransomware Isn’t Slowing Down 

    • 96% of MSPs predict attacks will continue at current, or worse, rates

    MSPs Enable 2FA to Double Down on Ransomware Preparation 

    MSPs report enabling two-factor authentication (2FA) on the following tools and applications: 

    MSPs Enable 2FA to Double Down on Ransomware Preparation
    • 71% Remote Monitoring and Management (RMM) 
    • 61% Password Manager
    • 56% IT Documentation 
    • 60% Email Client
    • 43% BCDR
    • 58% Professional Services Automation (PSA)

    Next steps

    NetOne Technologies is a Managed Service Provider expert in network design, disaster recovery, VoIP and IT risk management and offers assistance with all of your technology needs.

    For the past 20 years, as President and Technical Director of NetOne Technologies, my team has brought companies the connectivity, security, and network infrastructure to be successful in today’s changing world.

    Do you have a business continuity/disaster recovery plan in place?

    Are you managing risks to your IT?

    I invite you to have a 15-minute conversation. Whether or not we decide to collaborate, I’m confident I can offer insights that can help you find the right solution for your needs. Please click here to book a call with me.