The ransomware landscape is a buoyant and dangerous place. A previous post explored this using the findings from the Datto “Global State of the Channel Ransomware Report”. The Datto report analyzed 1000 MSPs to see how ransomware attacks can harm both MSP and SMB. The report findings finish on a positive note, looking at ways to prevent a ransomware threat or at least mitigate the aftermath of an attack. Here are further findings from the Datto report, including the ways that an MSP can ensure that their client’s network is as secure as it can be.
Click here for previous post.
When ransomware hits…what happens…
With 70% of MSPs reporting that ransomware is the most common malware threat to SMBs, knowing what happens when ransomware hits is important. The report pulled out key business areas impacted by ransomware incidents: The most prevalent and impactful was business downtime. One of the issues with ransomware is that it rarely affects a single computer. The malware is adept at propagating across a network. In 62% of cases, loss of business productivity was a consequence of ransomware infection. Other main areas that were impacted after infection were:
- Business threatening downtime (39%)
- Lost data and/or device (28%)
- Decreased customer profitability (24%)
- Damaged reputation (17%)
Downtime vs. the ransom price, who will win?
Ransomware encrypts files and documents then offers a decryption key for a price, aka the ransom. The ransom note, that pops up on an infected computer, is the most obvious result of infection. However, it is not necessarily the costliest. Datto found that downtime incurs significantly more cost than the ransom itself. Downtime is highly impactful, affecting employee work and productivity across the business. According to the Datto report, downtime, across all geographic regions far outweighs the cost of a ransom by up to 50X:
Average ransom: $6,200
Downtime costs: $308,900
Average ransom: $3,500
Downtime costs: $185,800
Average ransom: $4,400
Downtime costs: $257,000
What is even more worrying is that in 2020, the average cost of downtime caused by ransomware has increased by 486% from 2018 figures.
Ransomware attacks, Windows and SaaS
The increase in remote working during the Covid-19 pandemic has resulted in increased cloud workloads. However, MS Windows remains a key ransomware target, with around 91% of all ransomware attacks in 2020 affecting Windows PCs. The Datto report believes that the drivers for this are the large volume of Windows PCs in use and the prevalence of phishing as a vector for ransomware distribution. Windows servers were also found to be at increased risk, as they offer a direct way into a network.
As for SaaS, the big names were the main targets, with MSPs reporting ransomware attacks against the following:
- Office365 (64%)
- Dropbox (54%)
- Google Workspace (25%)
The general recommendation from the report is that endpoint protection and backup solutions should be prioritized.
Protective practices and proactive security
Knowledge is power and knowing how ransomware infects a corporate network means you can create a set of best practices to deal with infection routes. The Datto report sets out these best practice measures as:
Implement second factor authentication for access control, wherever possible, to prevent phishing attacks.
Business continuity and disaster recovery (BCDR)
The Datto findings show that “91% of MSPs report that clients with BCDR solutions in place are less likely to experience significant downtime during a ransomware attack.”
Therefore, put in place ransomware-resistant backup systems and disaster recovery action plans and measures.
Lack of security awareness training was one of the most common causes of a ransomware attack, as identified from the Datto survey. Organizations are strongly encouraged to train all employees on phishing tactics and security hygiene.
Endpoint detection and response (EDR)
Endpoints, including Windows PCs, are at risk, protect them with EDR solutions. Ensure that clients use managed anti-virus solutions that can be centrally updated.
Vulnerabilities are the entry point for ransomware, close them off using prompt patch management.
Email filtering and URL content scanning
These can prevent phishing and malware install using tactics such as infected online ads (“malvertising”).
Having visibility of all endpoints is vital in closing off any gaps that could be exploited. This is especially true as BYOD has exploded with remote working seeing employees using personal devices for work.
An option to manage web-borne threats is browser isolation. This isolates web browsing activity inside an environment like a virtual machine.
The Datto report presents a worrying landscape of ransomware out of control. However, this same situation presents opportunities for an MSP who can deliver best-of-breed security solutions to deal with the ransomware issue. The Datto report concludes several things: SMBs and MSPs are now very aware of the ransomware threat. However, an SMB needs multiple solutions to combat these attacks, including security awareness training for employees. Finally, a continuity strategy is vital. Backup solutions along with a robust disaster recovery plan are a must have at a time when ransomware is so prevalent.
Not sure how protected your environment is? Click here.