Most Important Stats from the 2018 Datto Ransomware Report

December 7, 2018

6 min read

Tracy Rock

Director of Marketing @ Invenio IT
Datto Ransomware Report

Most Important Stats from the 2018 Datto Ransomware Report

by | Dec 7, 2018

Ransomware continued to wreak havoc on businesses in 2018, according to a new report from Datto. And while there are signs that attacks have slowed down, the report shows there’s still plenty to be concerned about.

Consider, for example, that 1 in 2 IT providers say their clients experienced a ransomware attack in the first half of 2018 alone. And nearly all of them – 92% of respondents – predict attacks will continue at the current rates or worse in the next year.

If you’ve heard that ransomware is on the decline, you’re partially correct. After the big mid-2017 attacks of WannaCry and NotPetya, ransomware saw a sudden drop-off late in the year as hackers moved onto the next hot cybercrime: cryptojacking.

But of course ransomware never went away completely. And there are signals it’s on the incline again. In Q3 of 2018, Malwarebytes detected an 88% increase in attacks on businesses.

So, where are things really headed with the file-encrypting malware? Here’s what Datto’s 2018 ransomware report has to tell us.

Some quick background on the report

Before we dig into the findings, it’s good to know where the numbers come from. Datto’s “State of the Channel Ransomware Report” is compiled every year based on survey answers with experts around the world.

  • The stats highlighted below represent survey answers compiled from more than 2,400 managed-services providers (MSPs) worldwide. MSPs provide a wide range of IT solutions for businesses, such data backup, network management and other services.
  • Together, these 2,400 MSPs serve thousands of small- to mid-sized businesses (SMBs) around the globe.
  • Datto is a leading provider of business continuity solutions for SMBs, including hybrid cloud data backup, SaaS backup and networking devices.

TL;DR: 5 key findings

Don’t have time to read the whole report? Here are some of some of the most important takeaways you need to know:

1) Ransomware is still a major threat

Surprise! Ransomware still sucks. Even with the slow-down in late 2017, the last two years present a grim picture. 4 out of 5 MSPs (79% of respondents) say their customers suffered ransomware attacks between Q2 2016 and Q2 2018. 55% reported attacks in the first half of this year alone.

2) Downtime costs 10x more than ransom

The actual ransom demand is usually a drop in the bucket for most businesses. (Hackers price it low, so that victims are more willing to pay up.) That’s not the real concern. The biggest expense from an attack comes from the downtime: the operational stoppage, idle workers, productivity loss, hardware repair/replacement and so on. MSPs say the average cost of downtime from a ransomware attack is $46,800—roughly 10 times higher than the average ransom demand of $4,300.

3) It’s a bigger problem than we know

The thing about ransomware attacks is that most businesses never report them to authorities. Less than 1 in 4 get reported, according to MSPs, which means a lot more attacks are happening and we don’t know a thing about them.

4) Ransomware kills business

67% of IT providers said their clients suffered productivity losses after an attack. Roughly 50% said the attacks resulted in “business-threatening downtime.” This is a key point to remember. Even when ransomware trends take a downturn, all it takes is one successful attack to devastate your operations.

5) No operating systems are immune

In fact, attacks on Apple—once believed to be ransomware-free—are increasing significantly. In Datto’s findings, MSPs reported a 500% increase in ransomware attacks on Apple OS/iOS in the past year.

The weird lack of concern about ransomware

One of the most telling figures in Datto’s report has to do with how the threat of ransomware is perceived by businesses vs. their IT providers:

  • Only 36% of small- to mid-sized businesses say they are “highly concerned about ransomware”
  • But nearly 90% of their MSPs say they are highly concerned about it and believe that their customers should be too.

This underscores a persistent problem about ransomware: lots of companies still don’t have a handle on how great the risk is. Whether due to a lack of knowledge about the malware, or an overconfidence in their defenses, many businesses maintain a false sense of security about the threat.

Unfortunately, these same businesses tend to be the least prepared (and most disrupted) when an attack does occur.

How infections happen

While businesses have gotten better about upgrading their backup systems and other defenses in recent years, the actual cause of successful infections hasn’t changed much. In most cases, infections are the result of human error.

  • 33% of MSPs say that a lack of cybersecurity education is chiefly to blame in a ransomware attack. That’s because most infections use delivery methods that require action by end users.
  • 1 in 3 say that phishing emails are the top delivery method for ransomware.
  • 24% report that infected websites and ads are a primary method of infection.
  • Nearly a third of MSPs say that user “gullibility” is to blame for allowing infections to occur (though we would argue that the real culprit here is a lack of employee education).
  • 28% say that weak passwords and/or lack of access management are a top vulnerability at SMBs.

How ransomware costs you

We’ve already highlighted some of the ways that ransomware eats into your bottom line. But let’s break down the costs even further. When MSPs were asked to check off all the ways their customers experienced losses after an attack, here’s what they reported:

  • Loss in productivity (67% of respondents)
  • Business-threatening downtime (53%)
  • Loss of data or hardware (43%)
  • Infection spread across network (42%)
  • Profit loss (32%)
  • Damaged company reputation (25%)
  • Stolen data (22%)
  • Ransomware remained on system, struck a second time (18%)
  • Failure in regulatory compliance (12%)
  • Paid ransom but never got data back (11%)

As we mentioned above, the average ransom demand is now $4,300. But when you drill down to specific countries, these numbers can be even higher. For example, data submitted by MSPs in Canada shows that the average demand there is roughly $6,600 per attack.

Who is being targeted?

Ransomware spares no industry. That’s because most attacks aren’t really targeted. They’re blasted via massive spam campaigns with the objective of reaching as many inboxes as possible, regardless of business.

However, research shows that attackers are becoming choosier with whom they attack. When certain sectors become more profitable for hackers, those types of businesses are more likely to be hit again.

When asked which types of clients have been attacked recently, MSPs reported the following industries:

  • Construction / manufacturing (38% of MSPs)
  • Professional services (35%)
  • Finance / Insurance (27%)
  • Healthcare (25%)
  • Legal (21%)
  • Nonprofit (20%)
  • Real estate (15%)
  • Retail (15%)
  • Education (11%)
  • Travel / transportation (10%)
  • Consumer products (10%)
  • Architecture / design (10%)

Vulnerable operating systems

We mentioned that attacks on Mac OS/iOS have increased 500% in the past year, but let’s look at the numbers a little closer. Here’s the percentage of IT providers whose clients experienced attacks on the following operating systems:

  • 99% Windows: Attacks on Windows are still the most common, as the operating system is more ubiquitous in the workplace and thus gives hackers greater opportunities to exploit both users and vulnerable software.
  • 9% macOS: Nearly 1 in 10 MSPs reported having clients who suffered a ransomware attack on Mac systems.
  • 8% Android: Mobile devices are not immune either. Additionally, Datto points out that “APAC suffers the highest rate of Android ransomware incidents globally, with 11% of MSPs reporting infections in that system.”
  • 5% iOS: Along with macOS, Apple’s mobile devices are increasingly being targeted.

Most important defenses

So, what are the best ways to protect your data (and your business) from a ransomware attack? Here’s how the 2,400 managed-service providers ranked the most effective solutions:

1) Business Continuity & Disaster Recovery Solution (BC/DR)

A good data backup system remains the most important defense against ransomware. When an infection occurs, your BC/DR system allows you to simply roll back to a recovery point from before the attack. This restores your data and eliminates the threat in the process. Also, Datto’s backup appliances go even further with built-in ransomware detection. The devices automatically detect a ransomware footprint, allowing administrators to act even sooner.

2) Employee Training

MSPs consistently rank employee education as one of the best ways to prevent an attack. All users on your network should be trained on how to spot potentially malicious emails and websites.

3) Patch Management

Patching your operating systems, software and firmware are critical to fixing vulnerabilities that could lead to an infection. Many IT providers recommend deploying a centralized patch management system for greater control.

4) Antivirus/malware Solutions

Antimalware software has gotten better at detecting known strains of ransomware, like CryptoLocker, WannaCry, Locky and others. The best solutions will work in tandem with your spam filters and site-blocking tools to prevent infections from occurring in the first place. However, it’s worth noting that 86% of MSPs said that attacks occurred even when clients had antimalware running.

5) Unified Threat Management Platform

Unified threat management (UTM) streamlines your defenses into a single solution, typically via a network security device or cloud service. MSPs say UTM is an increasingly critical cybersecurity resource for preventing cyberattacks.

Get the full Datto ransomware report

For more information on the figures we’ve highlighted above, you can download the full 2018 Datto ransomware report here. In addition to the stats, the report identifies additional methods beyond BC/DR for preventing and responding to ransomware attacks.

Request a free demo

To see how you can block ransomware and effectively eliminate threats with Datto’s data backup systems, request a free demo or contact our business continuity experts at Invenio IT. Call (646) 395-1170 or email us at

New call-to-action

Director of Marketing @ Invenio IT