The ransomware threat is still growing, writes Ryan Weeks, pictured, CISO at business continuity and networking product company Datto.
The Coronavirus pandemic has triggered a number of new cyber security threats, amongst them new ransomware attacks targeted at employees working from home. As working practices shift, organisations need to stay alert to evolving malware – including ransomware, which remains the most common threat to small and medium-sized enterprises (SMEs).
To illustrate the extent of this threat: Looking at the first half of last year alone, 61pc of managed service providers (MSPs) reported attacks against their clients during that time period, with two in five SMEs falling victim to ransomware. Sometimes these involved multiple attacks in a single day, according to a recent survey by Datto of over 150 European MSPs.
The latest Datto European State of the Channel Ransomware report shows that ransomware is now impacting businesses more than ever before. Not only are attacks more frequent; year-on-year, the average ransom demanded by cybercriminals has also increased, standing at around £2,000.
This figure can certainly cause a nasty shock to affected businesses. However, it is often the aftermath of an attack that can do the most damage: System downtime related to ransomware attacks is also increasing fast – by as much as 300pc in Europe, which is higher than the global average of 200pc. Adding to this risk, system downtime from ransomware usually hits small businesses much harder than bigger organisations. Costs related to such attacks currently add up to around £108,000 on average per incident, which is 54 times more than the ransom requested.
In fact, over half of surveyed MSPs think the damaging consequences of a ransomware attack have the potential to take entire companies out of business. Over half of MSPs stated that their clients saw a loss of business productivity after a ransomware attack, alongside lost data or devices and decreased client profitability (33pc). Worryingly, in around a third of reported attacks the infection spread to other devices on the network – in some cases, remaining on the company network and striking again at a later time. One in five businesses confirmed ransomware had damaged their reputation, with further repercussions down the line.
In an attack, paying the ransom is never recommended. Recovery is possible, but the ability to restore business systems quickly depends on consistent and workable system backups. Because it can be difficult to determine the source of a threat and how long it has been in the IT environment, MSPs tend to use a combination of processes to help their clients recover from a ransomware infection. This typically includes reimaging the server, virtualising the system from a backup image and running clean-up software. Being prepared is key so every business should have a robust remediation plan with defined responsibilities.
To minimise the risk of being badly affected by ransomware, organisations can follow these steps:
1. First and foremost, take ransomware seriously. Datto’s survey found a surprising disconnect between MSPs and SMEs: While 82pc of MSPs are ‘very concerned’ about ransomware, only 8pc reported that their SME clients felt the same – despite the business-threatening downtime implications.
2. Don’t fall victim to phishing. These emails are still the main cause of successful ransomware attacks (65pc), followed by a lack of security training, weak passwords and poor access management. Your employees could easily be your weakest link, so make sure staff know how to deal with any suspicious emails or websites. To be effective, security training must take place regularly.
3. Implement two-factor authentication. Strong identity and access management greatly reduces the risk of cybercriminals entering the network.
4. Review patching practices. Closing known security vulnerabilities must be a business priority. Make sure you install software patches as soon as they are released.
5. Don’t trust your defences. Antivirus software, email filters and endpoint detection are all essential parts of your security programme, but on their own they don’t provide reliable protection against ransomware.
6. You need a solid business continuity and disaster recovery (BCDR) strategy. This should focus on how to maintain operations during and after an attack so you can minimise costly downtime. A reliable BCDR solution that creates regular system backups is one of the most effective tools against ransomware.
7. Remember your cloud data is also at risk. In the Datto survey, one in five MSPs reported ransomware attacks in SaaS applications such as Office 365 and Dropbox. Ransomware is designed to spread across networks and applications, so endpoint and SaaS backup solutions for fast restores are critical.
8. Get help from experts. Strategy Analytics found that SMEs who don’t outsource their IT are at a higher risk from attacks. Unless you can employ full-time, qualified IT staff for 24/7 cyber security monitoring, rely on an MSP who has the resources and expertise to do this and who can react fast to new threats.
9. Choose your outsourcing partner carefully. MSPs are also increasingly targeted by ransomware. Check that they have cyber liability insurance, and that they can fall back on external expertise in the event of a large-scale attack that affects both them and their clients.
Ransomware has been around for a while but for cybercriminals, it is still a successful attack vector. It is certainly not going away any time soon. The vast majority of MSPs predict that the threat will only grow, with Internet of Things (IoT) devices and social media accounts among the next targets. For businesses, the time to act is now.
