MSP Survey Shows Ongoing Ransomware, Malware Attack Challenges
It’s always instructive to see how MSPs, VARs and other security professionals are coping with today’s ransomware scourge, so we’re happy to share the results of a survey that Webroot conducted earlier this year, querying 500 MSPs about their challenges and strategies in this constant battle.
In the following questions and responses excerpted from the survey, you’ll see that ransomware continues to pose a significant threat:
1) Number of times your clients were hit by ransomware in the last 12 months?
- 0: 22%
- 1: 17%
- 2-5: 44%
- 6-10: 11%
- 11-25: 4%
- 25+: 4%
Nearly 80% of those surveyed reported that they had clients who were hit at least once by ransomware in the last year. Furthermore, a significant 44% indicated that they had clients who were struck 2-5 times, and 19% of the respondents noted they had clients hit by ransomware more frequently than that.
2) Prevalence of ransomware in the past 12 months?
- Greater than last year: 44%
- Same as last year: 30%
- Less than last year: 26%
Most MSPs saw a huge increase in ransomware attacks compared to the previous year. Unfortunately, when it comes to ransomware, Webroot’s research shows that this trend is not going to slow down anytime soon. Ransomware is simply too effective and lucrative for cybercriminals to ignore, while the ready availability of “ransomware-as-a-service” on the dark web makes it easy for crooks to start exploiting unsuspecting users.
3) What ransomware types have been hitting your clients?
- CryptoLocker: 61%
- CryptoWall: 28%
- Locky: 22%
- Tesla Crypt: 9%
- CryptXXX: 9%
- CBT Locker: 6%
- Crysis: 5%
- TorrentLocker: 5%
- CryptoMix: 3%
- Petya: 1%
- Cerber: 1%
As expected, CryptoLocker leads the list of top types of ransomware hitting the respondents’ clients in the past 12 months. (Note that the survey was conducted before the emergence of WannaCry.) Due to the repeated success of ransomware, many of the survey participants have seen multiple variants making the rounds through their customer bases.
4) Time spent remediating ransomware (last 12 months)?
- <1 day: 38%
- 1-5 days: 40%
- 6-10 days: 15%
- 11-20 days: 4%
- >20 days: 2%
As well as the possibility of having to meet the cost of the ransom payments demanded, it’s important to also account for the additional expense of remediating a successful ransomware attack. As shown above, 61% of the respondents were forced to spend a day or more remediating the fallout of a ransomware attack in the past 12 months.
5) Ransomware protection strategies?
- Antivirus/antimalware: 28%
- Regular backups: 20%
- Business continuity/DR: 22%
- Employee cybersecurity training 18%
- Other: 7%
- Anti-ransomware add-on: 3%
- Email spam filters: 2%
When asked to select the mitigation steps they are taking to stop ransomware, 28% of those surveyed considered antivirus and antimalware software to be a crucial component of a ransomware defense strategy. However, the numbers also indicate that 22% of the respondents believe regular backups and business continuity/disaster recovery planning are of near-equal importance.
In response to the ransomware problem, many cybersecurity vendors have released so-called “anti-ransomware add-ons.” Judging by the above responses, however, today’s IT professionals aren’t convinced of their value or effectiveness. It’s also worth noting that user education remains a valuable part of a solid security setup.
6) How confident are you about making your clients’ endpoints secure against a future ransomware attack?
- Very confident: 31%
- Somewhat confident: 60%
- Not at all confident: 9%
A particularly disheartening statistic from this survey is that almost 70% of the respondents are “somewhat” confident or “not at all” confident of thwarting a future ransomware attack. Just 31% of those surveyed are “very” confident that they will be able to protect their clients from such attacks.
Get Ransomware Infographic
It’s clear that combatting ransomware continues to present daunting challenges. To assist you in this ongoing battle, Webroot has created the “Quick Guide to Stopping Ransomware” infographic (see sample below). It’s a handy resource that concisely summarizes the key mitigation strategies that can help protect your clients from a ransomware attack.
We encourage you to download it now.
It’s no secret that Webroot SecureAnywhere® Business Endpoint Protection solutions are simply unrivalled in their ability to combat CryptoLocker, WannaCry and other ransomware threats.
Download the free 30-day trial and see for yourself how Webroot’s multi-vector approach to malware prevention combined with its use of real-time cloud-predictive behavioral intelligence stops ransomware before it infects your clients’ endpoints.