Small-to-mid-sized businesses suffered a disproportionately large number of ransomware attacks in the first six months of 2018, and an overwhelming number of managed service providers (MSPs) who have SMBs as clients believe that the number of ransomware attacks will only rise.
That’s according to a recent survey of over 2,400 MSPs by security firm Datto. It found that 55 percent of respondents thought their SMB clients had suffered at least one ransomware attack in the first six months of 2018, and 79 percent said their clients had suffered ransomware attacks in the past two years, thereby making it clear that SMBs were, and still are, preferred targets of ransomware operators.
While the above numbers clearly suggest that a very small percentage of small and medium businesses have escaped ransomware attacks, 92 percent of MSPs told Datto that the spate of such attacks will continue at current, or worse, rates in the near future.
However, ransomware isn't the only major worry for SMBs, many of whom operate on tight budgets and cannot afford to deploy advanced endpoint or anti-malware solutions. While 63 percent of MSPs said their SMB clients faced virus attacks in the past two years, 58 percent said that their clients suffered spyware attacks and a similar number claimed their clients suffered adware attacks in the same period.
SMBs have also suffered other forms of attacks such as Trojans, cryptojacking, rootkits, worms and keyloggers in the past two years. With such a wide attack base and such a large number of tools in the hands of malicious actors, SMBs will certainly have to change the way they manage their cyber-resilience and prepare against emerging threats.
The thing about ransomware attacks is that they are neither monthly, quarterly or annual phenomena. SMBs may suffer such attacks at any time of the year and as per MSPs who spoke to Datto, may suffer multiple ransomware attacks in the same day. This is because ransomware variants are not only in the possession of malware authors, but are also in the possession of those who can easily buy them from underground marketplaces.
While 66 percent of MSPs said ransomware payloads are delivered via phishing emails that contain malicious web links, 24 percent said ransomware payloads are delivered through malicious websites and web advertisements, and a further 21 percent said they are injected into targeted systems via clickbait links.
A major reason behind the rise in successful ransomware attacks is the lack of cyber-hygiene among employees at small and medium businesses. While one in three MSPs believe employees are not provided cyber-security training, 28 percent believe employees engage in unsafe and poor data security practices such as clicking on unknown attachments or links, and 28 percent of MSPs said employees use weak passwords and have poor access management practices which make it easy for hackers to inject ransomware into their systems.
Small and medium businesses also suffer gravely in the aftermath of successful ransomware attacks, suffering either loss of business productivity, long downtimes, loss of sensitive enterprise or customer data, compromise of a large number of devices connected to the same network, loss of money paid as ransom to criminals, and not being able to recover data even after paying ransom.
SMBs also fear the loss of reputation following a successful cyber-attack, and because of this reason as well as the fear of regulatory action and fines, 76 percent of ransomware attacks are not reported by SMBs to authorities. As a result, governments are not able to truly assess the extent of ransomware attacks targeting businesses in a given period of time.
According to managed service providers, the cost incurred by SMBs to recover systems and data and losses suffered because of downtime is more than ten times the amount paid as ransom to cyber-criminals. While the average ransom paid by SMBs is around US$ 4,300 (£3,348), the cost of downtime on average is over US$ 46,800 (£36,440).
When asked about the most effective solutions for ransomware protection of SMBs, MSPs told Datto that business continuity and disaster recovery solutions, employee training, proper patch management processes, the use of antivirus solutions and the setting up of unified threat management platforms are the most effective methods for warding off ransomware attacks or recovering in the aftermath of an attack.
According to Datto, a ransomware response plan should ideally involve the ability to detect the presence of ransomware in a network-connected device, understand how the ransomware entered the system, restore an infected device, patch security holes and implement new employee training as required.
With only two percent of MSPs believing that ransomware attacks will significantly decrease in the near future, and 42 percent of them believing the opposite, it is clear that MSPs will need to adopt effective ransomware response plans to protect their clients from attacks.
Sean Sullivan, security advisor at F-Secure, told SC Magazine UK that the number of ransomware attacks on individuals has come down as it has become harder to get them to pay. So cyber-criminals are increasingly targeting SMBs as "businesses are still worth trying to shake down and often can be forced to pay extortion in order to recover business critical systems more quickly".
"Endpoint protection (EPP aka AV) is evolving into Endpoint Detection and Response (EDR). That’s the future: EPP and EDR will be the same thing," he said. "And in the case of EDR, small businesses will be given tools to ‘phone a friend’ – whether that’s the MSP or the security provider. Services will be accessible via the products, and forward thinking MSPs should begin looking into solutions now."