$310M Paid to Hackers: A Closer Look at Datto’s Ransomware Report
Oof. It’s been a rough year for ransomware attacks.
Small businesses across the globe paid more than $301 million to hackers last year. And the rate of attacks is expected to continue rising over the next two years.
Worse yet, most small businesses are still in the dark about the threat of ransomware. While some organizations are finally starting to take ransomware more seriously (usually because they’ve already been attacked), others are more vulnerable than ever.
A new report from Datto illustrates how ransomware has become a full-blown epidemic for businesses around the world. It’s not just WannaCry or NotPetya or GoldenEye. While those were the most high-profile (and singly destructive) attacks in 2017, many other strains continue to infiltrate businesses on a daily basis, locking up their data and grinding operations to a halt.
Below, we highlight some of the most disturbing stats in the Datto Ransomware Report with the hope that more businesses will begin reevaluating their business continuity solutions.
A quick primer on the Datto ransomware report
Here’s what you need to know:
- The report is based on survey findings from more than 1,700 managed-service providers (MSPs) across the globe. MSPs are companies that manage IT solutions, such as BC/DR solutions, networking and other infrastructure, for their business clients.
- Altogether, those 1,700+ MSPs serve more than 100,000 small-to-mid-sized businesses (SMBs) worldwide.
- By focusing on MSPs, the report offers a more in-depth look at ransomware’s impact on businesses of all sizes, in numerous industries.
- Most stats in the report are based on findings from between Q2 2016 and Q2 2017.
Officially, the report is titled: Datto’s State of the Channel: Ransomware Report. Datto is a provider of business continuity solutions and data-backup technology.
Key findings & trends: Not a good sign
Let’s start with some of the most eye-popping figures in Datto’s report. In case you had any questions about whether the ransomware situation was getting better, this should make it pretty clear.
Spoiler alert: it doesn’t look good.
- 5% of all SMBs were attacked globally.
Ransomware has quickly become the no. 1 cybersecurity threat for businesses today. It’s unique from other forms of malware in that it gets past your antimalware software and locks up your data (often across the whole network) before you even know you were attacked.
- $301M paid just last year.
What’s important to remember is that most ransom demands are relatively small. 47 percent of MSPs said the average request was between $500 to $2,000. Only one percent of respondents said requests were more than $20,000. With a global total estimate at around $301 million, that means a staggering number of businesses are being hit (and they’re paying up).
- Attacks are happening more.
A whopping 97 percent of respondents reported that ransomware is becoming more frequent. And nearly all of them (99%) predicted that attacks would increase even further over the next two years.
- 2017 has been terrible.
In the first half of 2017 alone, roughly six in ten SMBs reported being attacked by ransomware. By comparison, six in seven businesses reported being attacked between 2015 and 2017.
- Attacks are happening everywhere, every day.
A fifth of MSP respondents said more than six of their clients had been recently attacked. And more than a quarter of them said they had multiple clients who were attacked the same day. (This was especially evident in Canada, where 31 percent of MSPs reported having multiple incidents in a single day.)
What happens in an attack
Attacks are happening right now, as you read this. But how are businesses responding? Are they paying up? Are they calling the authorities, as the FBI recommends? Are they successfully retrieving their data?
Here’s what the research shows:
- Only 1 in 3 call the Feds.
The vast majority of attacks go unreported to the authorities. This is actually an improvement over 2016, when even fewer businesses (roughly 25%) said they reported the crime. But it’s still a problem. The FBI strongly advises businesses to contact their local FBI field office at the first sign of an attack.
- 35% paid up.
Look, we get it. When your data is locked and your operations are at a standstill, paying a $500 ransom doesn’t seem like such a bad gamble. But as a rule of thumb, paying the ransom is not a good idea—it ultimately supports the further development of ransomware and it doesn’t guarantee you’ll get your data back.
- Many never got their data back after paying up.
Of those who paid the ransom globally, about 15 percent never recovered the data. In the UK, this number was 21 percent. If you’re going to give the attackers what they want (usually in the form of Bitcoin payments), just be advised: you may be flushing your money down the drain.
- Fewer businesses are paying.
There’s a silver lining here. Businesses were less willing to pay the ransom in 2016-2017 than in the year before, when 41 percent reported paying. This may also be a good sign that businesses are implementing better data backup solutions that remove the need to pay the ransom in the first place.
Where it hurts most
Want to know why a $500-$2,000 ransom payment isn’t a bad gamble for some businesses? Because when their business-critical data is gone, they’re losing a lot more money in downtime.
According to a previous Datto study, businesses lost an average of $8,581 per hour of downtime. Ouch.
Here’s how the losses really add up:
- 3 in 4 say downtime threatened their businesses.
75 percent reported that their ransomware attacks caused business-threatening downtime. It’s not just a matter of losing a few files. For many businesses, the lost data halts operations. It results in revenue losses, shipping/logistics stoppages, idle workers and other costly problems.
- Many lose data for good.
57 percent of MSPs clients lost data or devices in an attack. Even if they have a backup, some businesses lose large amounts of data if the recovery point is several hours (or days) old.
- Ransomware strikes back.
Just when SMBs thought the attack was over, ransomware came back. Nearly a third of MSPs said that ransomware remained on a client’s system after an initial attack and struck again at a later time.
- Oops! Backups were infiltrated too.
33 percent of respondents reported businesses were using vulnerable backup systems that were encrypted along with the company’s other data. Their backups were useless.
Industries being attacked
Ransomware knows no limits. It typically spreads by spam emails, often with bad links, malware-laced file attachments or phishing scams. These emails generally aren’t targeted to any particular business. They’re designed to reach as many inboxes as possible, based on addresses scraped from the Web (or pulled from the address books of other infected machines).
Locky, one of the most common strains of ransomware, sent 23 million emails in 24 hours, according to TechRepublic. And that’s only one strain.
As such, ransomware affects nearly every industry. However, some industries suffered more than others last year, according to the Datto ransomware report.
Here’s a breakdown of sectors and what percentage of them reported being attacked:
- 48% – Construction/manufacturing
- 28% – Professional services
- 28% – Healthcare
- 24% – Legal
- 23% – Non-profit
- 12% – Education
- 12% – Real estate
- 10% – Retail
- 10% – Consumer products
- 9% – Government
- 9% – Architecture/design
- 7% – Travel/transportation
- 6% – Energy/utilities
- 5% – Media/entertainment
Why are businesses still so vulnerable?
The continued spread of ransomware begs the question: why aren’t more businesses doing more to protect themselves?
The biggest reason: businesses simply don’t understand the seriousness of the threat, if they know what ransomware is at all. Even businesses that are concerned about ransomware typically aren’t doing enough to protect themselves, according to their MSPs.
Let’s look at some key stats that illustrate this perfectly:
- Only 38% of SMBs are “highly concerned” about ransomware.
That’s not enough. And, it’s only a small uptick from the 38 percent that were concerned in 2016. Compare that to the 90 percent of MSPs who say they are highly concerned.
- Lack of training is a huge problem.
MSPs say that a lack of cybersecurity training is the #1 reason for the success of ransomware. Employees need to be educated on how to identify suspicious emails and links, and on how to respond if an attack occurs. But it’s not all their fault. MSPs also put blame on a lack of defense solutions and outdated patches, among other reasons.
- Anti-virus software alone won’t cut it.
94 percent of MSPs said that ransomware attacks successfully bypassed anti-virus software.
Businesses need a multilayered strategy to defend themselves against ransomware.
No single solution, such as employee training or anti-virus software, will provide complete protection. Businesses must employ a 360-degree approach, backed by a dependable backup and disaster recovery (BDR) system.
If you’re still not sure what such an approach might look like, consider these stats as a final takeaway:
- BDR solutions are the #1 most effective ransomware solution, according to MSPs, followed by cybersecurity training, anti-virus software, email/spam filters and application/OS patches.
- 95% of MSPs say they are more prepared to respond to a ransomware infection if BDR is in place.
- 96% say businesses fully recover from ransomware if a BDR device is in place.
For more information on how your company can defend against ransomware with today’s best data-protection technologies, contact our business continuity experts at Invenio IT. Request a free demo or contact us today by calling (646) 395-1170 or by emailing [email protected].