It’s always instructive to see how MSPs, VARs and other security professionals are coping with today’s ransomware scourge, so we’re happy to share the results of a survey that Webroot conducted earlier this year, querying 500 MSPs about their challenges and strategies in this constant battle.In the following questions and responses excerpted from the survey, you’ll see that ransomware continues to pose a significant threat:1) Number of times your clients were hit by ransomware in the last 12 months?Nearly 80% of those surveyed reported that they had clients who were hit at least once by ransomware in the last year. Furthermore, a significant 44% indicated that they had clients who were struck 2-5 times, and 19% of the respondents noted they had clients hit by ransomware more frequently than that.2) Prevalence of ransomware in the past 12 months?Most MSPs saw a huge increase in ransomware attacks compared to the previous year. Unfortunately, when it comes to ransomware, Webroot’s research shows that this trend is not going to slow down anytime soon. Ransomware is simply too effective and lucrative for cybercriminals to ignore, while the ready availability of “ransomware-as-a-service” on the dark web makes it easy for crooks to start exploiting unsuspecting users.3) What ransomware types have been hitting your clients?As expected, CryptoLocker leads the list of top types of ransomware hitting the respondents’ clients in the past 12 months. (Note that the survey was conducted before the emergence of WannaCry.) Due to the repeated success of ransomware, many of the survey participants have seen multiple variants making the rounds through their customer bases.4) Time spent remediating ransomware (last 12 months)?As well as the possibility of having to meet the cost of the ransom payments demanded, it’s important to also account for the additional expense of remediating a successful ransomware attack. As shown above, 61% of the respondents were forced to spend a day or more remediating the fallout of a ransomware attack in the past 12 months.5) Ransomware protection strategies?When asked to select the mitigation steps they are taking to stop ransomware, 28% of those surveyed considered antivirus and antimalware software to be a crucial component of a ransomware defense strategy. However, the numbers also indicate that 22% of the respondents believe regular backups and business continuity/disaster recovery planning are of near-equal importance.In response to the ransomware problem, many cybersecurity vendors have released so-called “anti-ransomware add-ons.” Judging by the above responses, however, today’s IT professionals aren’t convinced of their value or effectiveness. It’s also worth noting that user education remains a valuable part of a solid security setup.6) How confident are you about making your clients’ endpoints secure against a future ransomware attack?A particularly disheartening statistic from this survey is that almost 70% of the respondents are “somewhat” confident or “not at all” confident of thwarting a future ransomware attack. Just 31% of those surveyed are “very” confident that they will be able to protect their clients from such attacks.
- 0: 22%
- 1: 17%
- 2-5: 44%
- 6-10: 11%
- 11-25: 4%
- 25+: 4%
- Greater than last year: 44%
- Same as last year: 30%
- Less than last year: 26%
- CryptoLocker: 61%
- CryptoWall: 28%
- Locky: 22%
- Tesla Crypt: 9%
- CryptXXX: 9%
- CBT Locker: 6%
- Crysis: 5%
- TorrentLocker: 5%
- CryptoMix: 3%
- Petya: 1%
- Cerber: 1%
- <1 day: 38%
- 1-5 days: 40%
- 6-10 days: 15%
- 11-20 days: 4%
- >20 days: 2%
- Antivirus/antimalware: 28%
- Regular backups: 20%
- Business continuity/DR: 22%
- Employee cybersecurity training 18%
- Other: 7%
- Anti-ransomware add-on: 3%
- Email spam filters: 2%
- Very confident: 31%
- Somewhat confident: 60%
- Not at all confident: 9%
