Key Takeaways from Datto’s State of the Channel Ransomware Report 2017 by Nop Srinara, Asia Sales Director, Datto Inc
Ransomware continues to make headlines across the world, with attacks like WannaCry and NotPetya, proving that any business, no matter how big or small, can be a target.
With this in mind, we asked more than 1,700 managed service providers (MSPs) who work with more than 100,000 small-to-mid-sized businesses (SMBs) in Asia-Pacific and across the world, to take part in our State of the Channel Ransomware Report, the largest survey of its kind, to find out what they are seeing on-the-ground, and provide us crucial insight into the trends and attitudes around this issue.
This is the second year we conducted the survey. Here’s what we found:
1. Ransomware attacks on SMBs are on the climb
The survey highlights an increase in the number of ransomware attacks targeting SMBs in Asia-Pacific and across the world, with 99 percent of respondents predicting an uptick in attacks over the next two years.
A huge 97 percent of respondents reported that ransomware attacks were significantly more frequent in 2017, than in previous years, with 86 percent citing that their small business clients had been victimised by ransomware within the last two years, and 21 percent reporting that six or more attacks had effected clients over the last year. Worryingly, a whopping 26 percent of MSPs also cited multiple attacks against clients in a single day.
In APAC, these numbers were higher with 93percent of MSPs reporting ransomware attacks from 2015-2017 vs globally (86%) and 75percent of MSPs in this region reported attacks in Q1-Q2 of 2017, which was higher than the global average (60%).
So why are SMBs a target? Today we see an increasing number of attacks demanding ransoms worth USD$2000 or less, primarily targeting SMBs. This might seem like pigeon-feed, however when targeting thousands of SMBs who are more vulnerable to attack than larger, more well-equipped enterprises, the figure quickly adds up, making SMBs lucrative, low-hanging fruit.
2. SMBs still lack knowledge
Despite the increasing frequency of ransomware attacks worldwide, our survey highlighted that awareness of the threat among business owners in the region is still very low, with only 38 percent of small businesses cited as having ‘some knowledge’. This lack of knowledge and understanding could also be responsible for the increasing frequency of attacks – as SMBs remain easy pickings for attackers.
The survey also showed that an estimated US$301 million was paid to ransomware hackers from 2016-2017, which is a real concern, with more SMBs in APAC paying the ransom (42%) compared with 35 percent globally.
This continues to be a major problem, as when a business pays the ransom, it sends the wrong message to attackers, letting them know that the business in question has money, and values its data. We believe that it is businesses paying the ransom that also encourages ‘cyber extortion,’ or where the same business is targeted by the same attacker several times.
It's also important to remember that paying the ransom, does not guarantee you will regain access to your data.
Lastly, it’s worth mentioning that it’s possible that we will never know the true impact that these attacks are having on SMBs in Asia-Pacific, as according to results, it was SMBs in this region who were the least likely to report attacks to the authorities (79% never reporting the attacks), compared with 68 percent globally.
3. Downtime is a real issue
Seventy-five percent of MSPs reported having SMB clients who experienced business-threatening downtime resulting from ransomware attacks. The truth is, the impact of downtime can affect SMBs far more than the cost of ransom requests, often resulting in loss of sales, productivity and reputation.
As we’ve seen by the flurry of ransomware attacks this year, attackers continue to outsmart today’s top security solutions, making backup and disaster recovery essential. Survey results showed that with a reliable backup and recovery solution (BDR) in place, 96 percent of MSPs reported that clients were able to fully recover from a ransomware attack.
4. Software-as-a-Service (SaaS) is a growing target for ransomware attacks
It’s clear that no industry, operating system or device is safe from these attacks. Among the industry verticals who are targeted most by ransomware attacks are construction, manufacturing, healthcare, professional services and finance. Results also showed that SaaS applications are a growing target for ransomware attacks, with Dropbox, Office 365 and G Suite being most at risk.
In APAC, 42% of MSPs reported cloud-based application ransomware attacks, which is higher than the global average (26%).