Small to medium-sized businesses paid $301 million to cybercriminals using ransomware in the past year, according to our research. That’s a lot of loot—especially considering the average ransom demand is only between $500 and $2,000. We surveyed 1,700+ Managed Service Providers (MSPs) serving 100,000+ SMBs for our second annual State Of The Channel Ransomware Report, and again hauled in a raft of information about how ransomware impacts SMBs today.
The most obvious takeaway: ransomware is still hot among cybercriminals—97 percent of respondents said ransomware attacks are becoming more frequent. And, SMBs are still getting banged up out there. Eighty-six percent of respondents said their SMB clients were recently victimized, and 21 percent reported six or more SMB attacks in the first half of 2017 alone.
Construction and manufacturing businesses were hit particularly hard, with 48 percent of respondents indicating attacks in that industry. However, attackers don’t appear to target businesses by vertical. Twenty-eight percent of respondents saw attacks in both healthcare and professional services. Legal and non-profit got dinged as well—24 and 23 percent reported ransomware in those worlds. Twelve percent saw ransomware in real estate and education, and so on. In other words, no industry is exempt from attacks.
There are a number of reasons why SMBs may be more likely to be victimized by ransomware attacks. For one, many SMBs rely on outdated technology and unpatched software. Ransomware is designed to identify and exploit these types of vulnerabilities. Plus, many lack IT security awareness. In fact, 90 percent of MSPs are highly concerned about ransomware, while only 38 percent of SMBs felt the same. Respondents said the number one reason for this is lack of cybersecurity training. As such, SMBs are more likely to be victimized by criminals using phishing scams or malicious websites.
Unfortunately, even robust antivirus products aren’t always enough to protect against attacks: 94 percent of respondents said that ransomware bypassed antivirus software they had in place. This is because ransomware designers are constantly revising code to evade antivirus detection. That’s why a multi-layer protection strategy is recommended to mitigate the impact of attacks.
First, antivirus software, while not foolproof, is absolutely essential. It’s the first line of defense against attacks. It is also critical to keep all software patched and up-to-date. Second, IT security education is a must. Employees should know how to identify phishing emails that are used to distribute ransomware. Finally, a modern data protection solution that enables rapid restore must be deployed. The majority of respondents said that backup is the only way to be absolutely sure you’ll be able to retrieve your data following an attack.
As a managed service provider, you’ve probably got the IT security and data protection pieces locked down. Don’t neglect the education piece. Be certain that your customers understand what ransomware is, how it works, and what they can do to avoid it. Consider some type of security best practices training for your customers. If that’s not possible, provide customers with educational materials they can distribute among staffers. Ransomware is a scourge to be certain, but a little education can go a long way to prevent attacks.
Don't Miss This: For more information on recent ransomware trends, you can view Datto’s 2017 State of the Channel Ransomware Report here.
Rob Rae is VP of business development at Datto.