Ransomware: The threat is real for VARs and MSPs
In our first blog post in our series about ransomware, we took an in-depth look at crypto-ransomware, how an employee’s laptop might become infected, and what they would have to do to pay the ransom and recover their files. Our next blog looked at the problem from the the perspective of the IT admin having to contain the infection and reconfigure that laptop.
In this installment of our blog series about ransomware and it’s impact on businesses, we explore the threat from the viewpoint of VARs and MSPs, including their experiences with ransomware and it’s impacts on their customers.
59% of VARs and MSPs say ransomware attacks are on the rise
We asked Researchscape to survey 275 IT experts from January 15 to January 30, 2016 regarding various security concerns, including the threat of ransomware. We wanted to understand their concerns, both from their own perspectives and from the perspective of their customers.
While hacking and privacy breeches get a lot of attention in the news, and are therefore top-of-mind for these experts and their customers, more than 30% of IT vendors surveyed said ransomware was a big concern. And 59% expected the number of reported ransomware attacks to increase over 2016. We thought that was a pretty powerful prediction.
It got interesting when we dove a little deeper. It turns out 43% of VARs and MSPs surveyed had customers who had been victims of ransomware. Given that high number, it’s easy to see how vendors could predict that the threat would only get worse.
Are some businesses more likely to fall victim to ransomware than others?
Many times you read that ransomware is a random act of crime, that cyber kidnappers send out millions of phishing emails with no real target in mind — the “buckshot” approach. But when you dig a little deeper, you start to read stories about more targeted attacks. About kidnappers using social engineering to aim at certain types of businesses or certain types of workers.
In this way, ransomware is a lot like other types of spear-phishing crimes. And the outcome can be just as costly for a company. It seems that cyber kidnappers are targeting industries or workers that they feel have the most to lose if their files get encrypted — and are therefore, more desperate and more likely to pay the ransom. Just look at these two recent attacks on hospitals in Germany and on a hospital in California. When medical machines stop functioning and doctors can’t access vital patient records, you have a crisis on your hands and you’ll pay to get the situation fixed. It’s easy to see why these businesses were seen as good targets for attack.
So we asked VARs and MSPs taking our survey if they felt certain industries are prime targets for those who wish to deal digital harm to them. And they told us that three industries in particular had the most affected customers: information technology, accounting/finance/banking, and the internet. All three are examples are industries where the protection of intellectual property and client records is a major concern. And where severe damage could be done if that data was suddenly encrypted and unavailable for a significant period of time.
And that led us to the next topic — how long does it take to recover from a ransomware attack and how does that hurt the victims?
What’s the real cost when company data is kidnapped? Hint: It’s not the ransom.
When companies get hit with ransomware, their faced with some tough questions: Do you pay the ransom? Do you try to restore your files from backup? What if you pay and you still don’t get the decryption key?
The VARs and MSPs who took our survey were the ones on the receiving end of those questions. They were the first responders, the experts who got called to get files restored and users working again.
And those vendors said that while the majority of their customers were back up and running in about 1 day, the average time it took to get everyone working again was 3 days. And unfortunately for 7% of those victims, it took more than a week to get their workers up and running.
How much would your business lose if your employees couldn’t work for 1 day? 3 days? A full week? Given the increased collaboration among today’s workers and the amount of files synced to shared storage, you’re not just talking about the 1 or 2 users who installed the malware — you’re talking about every user who touches any of those encrypted files.
And I know a lot of businesses say they’ll just pay the ransom, get the decryption key and be done with it. After all, the median ransom is only $250 a user. Well, of those customers that did pay, 29% still didn’t get the decryption key.
And just because you decrypt your files, it doesn’t mean you still don’t have to take the time to thoroughly wipe the infected computers and do a full reimage. That’s the only way to make sure the malware is gone. So we could easily understand why 75% of IT experts said that their customers didn’t pay the ransom.
Diving deep into ransomware with Intermedia partners
In our next installments in this blog series, we’re going to talk to various Intermedia partners about ransomware. We’re going to discuss specific customer experiences and get their thoughts on how companies can protect themselves from attack and recover quickly if they fall victim to cyber kidnappers. Stay tuned…
To learn more about ransomware and the tools you can use to restore files and get employees back to work quickly, read Intermedia’s 2016 Crypto-ransomware Study. And for an insider view of the problem, check out the full survey: Crypto-Ransomware: Reseller Attitudes toward Customers’ Security Concerns.