1 in 5 Businesses Attacked: 2019 Ransomware Statistics

Oct 29, 2019 | Security

Datto released its 2019 ransomware statistics this month, and the numbers aren’t pretty. 1 in 5 small to mid-sized businesses (SMBs) has fallen victim to ransomware, and the average costs of an attack continue to rise.

Datto surveyed more than 1,400 IT providers to create its 2019 ransomware report, and 89% said they are “very concerned” about the threat of ransomware. To make matters worse, 4 out of 5 IT providers say their own businesses are now being attacked as well, in addition to their clients’.

Here are some of the key findings from the report.


The most relentless threat to SMBs

85% of managed-service providers (MSPs) say that ransomware has become the most common threat to small businesses.

On any given day, businesses face a deluge of other malware via email, malicious websites and system vulnerabilities. Viruses, worms, Trojans, bots and spyware are just a few of the most common forms, which typically can be thwarted by good antimalware. But IT providers say that ransomware has now topped the list, becoming the most prevalent threat to their clients’ businesses.


Downtime costs 23X more than the ransom

Ransom demands are increasing tremendously, as we show below. But the real brunt of a ransomware attack is the downtime it causes.

When ransomware takes over your network, operations are effectively frozen. Work stops. Employees are idled. Revenue streams are broken. Your products and services can’t be delivered.

For small companies, these costs add up tremendously. On average, each hour of downtime costs them more than $8,000. And for larger businesses, those numbers can balloon into millions of dollars per hour.

In 2019, the average cost of downtime from ransomware was 23 times greater than the ransom amount, according to Datto’s report.


Average cost of downtime: $141,000

IT providers say that the ransomware attacks in 2019 cost their clients $141,000 per incident, on average.

That’s more than a 200% increase over the previous year, when MSPs reported an average downtime cost of $46,800 per attack.

These numbers were even higher for Canadian businesses, which lost an average of $180,000 per incident.


Ransom demands jumped 37%

While the ransom demands typically pale in comparison to the costs of downtime, hackers are demanding more and more as each year passes.

The demands jumped from an average of $4,300 in 2018 to $5,900 in 2019 – a 37% increase. And keep in mind these are just averages. Cybercriminals are increasingly targeting their attacks toward more sensitive industries and asking for bigger sums. Just last month, hackers demanded more than $5 million in an attack on the City of New Bedford, Massachusetts. (The city said “no.”)

Paying the ransom can be a tempting solution when the demand is low, but most experts strongly advise against it, unless it’s a last resort. Giving cybercriminals the money they ask for only emboldens them to attack more and more businesses. Also, paying the ransom doesn’t guarantee that the hackers will actually give you the decryption keys to restore your data. Many don’t …


4% say clients never got their data back

Sometimes, companies have no choice but to pay the ransom in a desperate attempt to restore their operations before it’s too late. But unfortunately, hackers don’t always comply.

4% of MSPs reported that clients paid the ransom, but their data was never released.


Only 28% of MSPs say their clients share their concern

This is a major disconnect.

We mentioned above that 89% of IT providers say they’re very concerned about ransomware. But only 28% said their clients share the same level of concern.

Despite the prevalence of attacks and media attention over the last few years, many small businesses still aren’t taking the threat seriously enough. Often, business owners and executives believe they are already doing enough to protect their systems. But the next statistic proves otherwise …


Traditional cybersecurity solutions aren’t cutting it

Datto found that many small to mid-sized businesses were infected with ransomware even though they had traditional cybersecurity defenses deployed.

Over the last couple of years, ransomware has become more sophisticated, using increasingly deceptive means for infiltrating networks or exploiting software vulnerabilities.

Businesses are often infected despite having these common solutions installed:

  • Antivirus software
  • Email/spam filtering
  • Ad/popup blockers
  • Endpoint detection and response platforms

This underscores the reason why many businesses aren’t deploying better protection against ransomware: they assume they’re already safe.


Phishing emails are the top culprit

Human error is a big reason why ransomware often sneaks past cybersecurity defenses.

67% of MSPs told Datto that phishing emails were the leading cause of ransomware for their clients. These emails are disguised as legitimate communications, sometimes even using the name of a coworker or vendor. The user is typically asked to log into a business platform or change their password, when in reality it’s just a fake page that steals the user’s login credentials.

In some cases, simply clicking the link in the email, or opening the attachment, will initiate the download of a malicious ransomware program. If the business isn’t actively using software whitelisting to block unknown applications, then the infection immediately takes root.


36% of MSPs say businesses don’t have enough cybersecurity training

Roughly one out of three IT providers said that the leading cause of ransomware attacks was a lack of cybersecurity training at the business. Ongoing training can go a long way to preventing an infection by informing employees of the risks and educating them on how to spot deceptive tactics, like phishing.

MSPs also cited the following leading causes of successful infections:

  • Weak passwords (30%)
  • Poor user practices (25%)
  • Malicious websites and/or ads (16%)
  • Clickbait (16%)

While it’s true that each of these causes can be linked to human error, you can’t blame users alone. Stronger IT policies, reinforced with cybersecurity controls and ongoing training for employees, can significantly reduce the risk of an infection.


SaaS infections are on the rise

Businesses are increasingly storing critical data in cloud-based SaaS applications, but this data is often just as vulnerable to ransomware.

28% of MSPs said their clients experienced ransomware attacks that compromised SaaS applications. Among these, 64% said Office 365 data was infected. 47% said attacks occurred in Dropbox. 18% reported attacks in G Suite, and others lost data in Salesforce and Box.


56% say their clients were attacked in Q1-Q2 of 2019

It’s been a rough year.

Nearly 800 MSPs (more than half of those surveyed) said their clients suffered ransomware attacks in the first 6 months of 2019 alone.

In the past two years, only 15% of MSPs said their clients managed to avert an infection. The remaining 85% weren’t so lucky.

Equally alarming is the number of businesses that are attacked more than once. 15% of MSPs reported that some of their clients were attacked multiple times in a single day.


Data isn’t just being encrypted—it’s being stolen

In most ransomware attacks, files are encrypted, preventing users from accessing the data and often making the PC unusable.

However, sometimes ransomware is used as a cover for other, more insidious malware. 12% of MSPs reported that the ransomware resulted in stolen data. From there, hackers can use the stolen data in a number of ways: to extort additional money from the organization, to use compromised credentials to access more sensitive systems, or to sell the data to other cybercriminals.


BC/DR is the #1 way to combat an attack

As we mentioned above, even the best cyber-defenses may not stop an attack. When an infection occurs, typically the only effective solution is restoring a backup.

MSPs agree that BC/DR (business continuity and disaster recovery) is the single most effective way to combat ransomware. In terms of importance, they rank it even higher than cybersecurity training, patch management and anti-malware software – each of which is only useful for preventing an infection. Once your data is encrypted, restoring a backup is generally the simplest and fastest way to get the data back.


92% say BC/DR prevents significant downtime

The vast majority of surveyed IT providers reported that clients with a robust backup solution are less likely to experience significant downtime from ransomware.

4 out of 5 MSPs also said that clients with BC/DR fully recovered in less than a day. That is an important milestone to highlight at a time when some ransomware attacks are derailing organizations for weeks and months at a time.


It’s only going to get worse

Nearly every IT professional—a solid 96% of the 1,400+ surveyed—said that they foresee ransomware attacks continuing at the current rates or worsening in the months ahead.

While the rate of attacks has temporarily waned at times over the last year, ransomware has remained a growing threat that continues to evolve. Furthermore, MSPs predict that cybercriminals will continue to test new methods to infiltrate company systems:

  • 64% predict that ransomware will begin targeting IoT devices (Internet of Things)
  • 63% predict that social media accounts will be targeted
  • 56% predict that utilities will be compromised (e.g. power grids, gas companies)
  • 62% predict that ransomware will bankrupt entire businesses


Get the information you need to protect your data

To see how your organization can effectively combat ransomware with BC/DR solutions from Datto, request a free demo or contact our business continuity experts at Invenio IT. Call (646) 395-1170 or email us at success@invenioIT.com.



Tracy Rock is the Director of Marketing at Invenio IT. Tracy is responsible for all media-related initiatives as well as external communications, including branding, public relations, promotions, advertising and social media. She is one busy lady and we are lucky to have her!