Datto State of the Channel
Ransomware Report

Download full report

About This Report

With survey findings gathered from 1,700+ MSPs serving 100K+ businesses around the globe, Datto’s State of the Channel Ransomware Report provides unique visibility into ransomware from the perspective of the IT Channel and their clients who are dealing with malware infections on a daily basis.

To learn more about this report, please reach out to Katie Thornton, Senior Manager of Content Marketing at Datto, Inc.

globe

The #1 cybersecurity threat for businesses today: ransomware

5% of small-to-mid-sized businesses (SMBs) fell victim to ransomware from 2016-2017

Global RANSOMWARE ATTACKS ARE ON THE RISE

97%

Report that ransomware is becoming more and more frequent.

99%

Predict the frequency of attacks will continue to increase over the next 2 years.

For SMBs, it’s no longer a question of if but when

6 in 7

Report SMBs victimized by ransomware from 2015-2017.

6 in 10

Report attacks in
 the 1st half of 2017 alone.

RANSOMWARE IS A FULL-BLOWN EPIDEMIC for global SMBs

How many clients have experienced a recent ransomware attack?

79%

report recent
attacks of 1-5 SMBs

21%

report recent
attacks of 6-10 SMBs

An unlucky 26% report multiple attacks against SMBs in a single day.

police car

Fewer than 1/3 attacks are reported to the authorities

A marked improvement from 1 in 4 attacks reported in 2016.

In 2017, 35% report SMBs paid the ransom, 15% of which never recovered the data.

(Down from 41% in 2016)

41%

2016

35%

2017

Total ransom paid by global SMBs to ransomware hackers*: $301 Million

*Between Q2 2016 and Q2 2017

For SMBs, the ransom isn’t what breaks the bank.

Nearly 50% of MSPs report the average ransom requested is between

$500 - $2,000.

$100-500

25% (259)

$501-2,000

47% (479)

$2,001-5,000

17% (174)

$5,001-10,000

7% (76)

$10,001-15,000

2% (18)

$15,001-20,000

1% (9)

$20,001+

1% (12)

pixels
closed businesses

The downtime cuts the deepest

Which of the following have clients experienced due to a ransomware attack?

57%

Report loss of data and/or devices

75%

Report business-threatening downtime

TODAY’S CYBER CRIMINALS ARE MORE RUTHLESS THAN EVER

29% of MSPs report ransomware virus remained on a client’s system after the first attack and struck again at a later time.

33% of MSPs report ransomware encrypting a customer’s backup

CRYPTOLOCKER STILL KING, BUT AGGRESSIVE STRAINS LAUNCH EVERY SINGLE DAY

Have any of your clients been victimized by any of the following? *

* Partners were asked to check all that apply

CryptoLocker 84% CryptoWall 46% Locky 29% WANNACRY 14% CBT LOCKER 13% TESLACRYPT 12% CRYPTXXX 10% WALLET 5% TORRENT LOCKER 4% CERBER 4% COIN VAULT 3% LECHIFFRE 2% DMA LOCKER 2% JIGSAW 2% OSIRIS 2% CryptoLocker 84% CryptoWall 46% Locky 29% WANNACRY 14% CBT LOCKER 13% CRYPTXXX 10% TESLACRYPT 12% WALLET 5% TORRENT LOCKER 4% CERBER 4% COIN VAULT 3% LECHIFFRE 2% DMA LOCKER 2% JIGSAW 2% OSIRIS 2%

Construction and Manufacturing are highly targeted, but no industry is safe

(Click the nodes to explore how other industries were affected.)

5% MEDIA/ENTERTAINMENT 48% CONSTRUCTION/ MANUFACTURING 9% ARCHITECTURE/DESIGN 23% NON-PROFIT 9% GOVERNMENT 12% REAL ESTATE 24% LEGAL 12% EDUCATION 6% ENERGY/UTILITIES 10% RETAIL CONSUMER PRODUCTS 10% 28% PROFESSIONALSERVICES 28% HEALTHCARE 7% TRAVEL/TRANSPORTATION

SaaS APPLICATIONS ARE NOT IMMUNE TO RANSOMWARE

Of MSPs who report ransomware in SaaS-based applications, the most common are:

2% 76% 21% 5% 32%

26% report ransomware infections in cloud applications in 2017.

In 2017, 90% of MSPs are “highly concerned” about the ransomware threat while only 38% of SMBs feel the same.

90% of MSPs

(up from 88% in 2016)

38% of SMBs

(up from 34% in 2016)

What would you say is the leading cause of a ransomware infection?

Lack of cybersecurity training fuels the success of ransomware

The majority of MSPs blame the lack of cybersecurity training across SMBs. Employees today are largely unprepared to defend themselves against these attacks.

5%

Outdated Patches

42%

Phishing Emails

45%

Lack of Cybersecurity Training

5%

Malicious Websites/Ads

2%

Lack of Defense Solutions

2%

Other

94%

Anti-Virus Software

73%

Email/Spam Filters

64%

Patched/Updated Applications

20%

Ad/Pop-Up Blockers

12%

Cybersecurity Training for Employees

7%

Lack of Defense Solutions

Of the ransomware incidents you’ve encountered, had they implemented any of the following? (Check all that apply)

As no single solution is guaranteed to prevent ransomware attacks, a multilayered portfolio is highly recommended.

Which is most effective in terms of business protection from ransomware?

The #1 solution for SMB ransomware protection? Backup & Disaster Recovery followed by cybersecurity training for all employees.

8%

Email/Spam Filters

36%

Employee Cybersecurity Training

50%

Backup and Disaster Recovery

4%

Anti-Virus Software

2%

Patching Applications

shield

95% OF MSPS FEEL “MORE PREPARED”

to respond to an SMB ransomware infection if BDR is in place.

With BDR in place,

96% report SMBs fully recover
 from ransomware

Without BDR in place,

40% report SMBs unable to recover quickly and fully from ransomware

Key Takeaways

gears

Businesses must ensure business continuity with BDR. There is no sure-fire way of preventing ransomware. Instead, businesses should focus on how to maintain operations despite a ransomware attack. There is only one way to do this: with a solid, fast, and reliable backup and recovery solution.

ransomeware note

Businesses must prepare the front line of defense: your employees. Today’s companies must provide regular and mandatory cybersecurity training to ensure all employees are able to spot and avoid a potential phishing scam in their inbox, a leading entrance point for ransomware.

green-shield

Businesses must leverage multiple solutions to prepare for the worst. Today’s standard security solutions are no match for today’s ransomware, which can penetrate organizations in multiple ways. Reducing the risk of infections requires a multilayered approach rather than a single product.

tech support

Businesses need a dedicated cybersecurity professional to ensure business continuity. SMBs often rely on a “computer-savvy” staff member to handle their IT support and not an IT expert. If a company cannot afford a complete IT staff for 24/7 cybersecurity monitoring, they should be leveraging a Managed Service Provider (MSP) who has the time and resources to anticipate and protect a company from the latest cybersecurity threats.

Additional Resources

You may also be interested in:

more info
more info
more info

Knowledge is Power:
Ransomware Education for Employees

more info
more info
more info

Ransomware Survivor Stories:

more info
more info
more info

Ransomware Detection and Recovery

With Datto Ransomware Detection, available on SIRIS and ALTO devices, MSPs can easily identify a ransomware attack and roll systems back to a point-in-time before the attack hit.

Learn More