The Stack Archive Feature

The swelling tide of ransomware and how to fight back

Fri 29 Sep 2017 | Rob Rae


Rob Rae of Datto Inc gives his assessment on the current state of ransomware and the ways in which businesses, particularly SMBs, can face up to the threat

Research that questioned more than 1700 managed service providers (MSPs), serving 100,000+ SMBs globally, has provided a number of unique insights into the state of ransomware in 2017, both from the perspective of both MSPs and SMBs.

The findings of the survey clearly show that ransomware is a threat to be taken seriously, with the number of attacks soaring in the period from second quarter 2016 to Q2 2017. In that period, an estimated 5% of global SMBs fell victim to a ransomware attack and nearly all (97%) of MSPs state that ransomware attacks have become more frequent in 2017.

Of those MSPs that report an increase in frequency, nearly 90% were able to cite an SMB client that had been recently victimized by ransomware, and a fifth could report six or more SMB client attacks, in the first half of 2017 alone. MSPs unanimously believe that this trend will continue, with 99% expecting frequency to increase over the next two years.

Responding to ransomware

As a result of ransomware, 75% of MSPs report that clients suffered from business-threatening downtime

There’s a general consensus in the security community that no organisation is entirely impervious to attack, and ransomware is no exception. It’s how businesses react to a ransomware attack that really matters.

It seems that an increasing number of SMBs are notifying authorities when attacks happen, and less are paying the ransom. In the period in question, approximately one in three attacks were reported to the authorities by SMBs, compared to one in four in the previous period – a marked improvement.

In a similar trend, 41% SMBs reported paying the ransom in the previous period. That figure is now down to 35%. It is important for businesses to bear in mind that 15% of those that paid still didn’t recover their data. That number rose to 21% in the UK. From Q2 2016 to Q2 2017, $301 million (approx. £221 million) was paid out to ransomware attackers.

Despite these eye-watering numbers, the ransom is a less important factor than the knock-on business impact. Downtime and data loss are more painful effects for businesses, with 75% of MSPs reporting that clients suffered from ‘business-threatening downtime’, and 57% experiencing loss of data or devices.

It is an unfortunate fact that the people behind these attacks are ruthless and greedy criminals. Around 30% of providers report than SMBs’ systems continued to carry a ransomware virus after the first attack, which struck again at a later date. Around a third of MSPs also reported that ransomware encrypted businesses’ backup, creating an even more complex recovery program.

What’s attacking who?

CryptoLocker is still top of the pile in terms of ransomware variants, but new, more virulent strains are appearing each day. Nearly 85% of MSPs which have been on the receiving end of a ransomware attack have witnessed CryptoLocker. Other common variants are Locky, CryptoWall and WannaCry, a new but already notorious addition.

Certain industry verticals find themselves attacked more than others. Those in construction, manufacturing and professional services are particularly at risk. Software-as-a-service applications are an increasingly popular target for attacks with well-known products such as G Suite, Dropbox and Office 365 often in the target lists.

Being able to successfully recover data from a point before the attack is the most effective business protection strategy – even more so than cybersecurity training and education

There is a significant disparity between how SMBs and MSPs perceive the threat of ransomware. 90% of MSPs reported feeling ‘highly concerned’ about the threat of ransomware on businesses they served, compared to only 38% of SMBs reporting the same level of concern.

A possible cause for this is a lack of basic, mandatory cybersecurity training in small businesses. Ignorance is bliss, but in this case, MSPs also cite a lack of security education as the number one cause of ransomware infections.

It has already been noted that businesses simply cannot avoid being attacked, and even with the best software and protection systems – including anti-virus, ad blockers, email filters, and regular updates, MSPs are still reporting successful breaches.

It is therefore imperative that businesses have a backup and disaster recovery solution in place. Being able to successfully recover data from a point before the attack is the most effective business protection strategy – even more so than cybersecurity training and education.

96% of MSPs reported that clients were able to fully recover from ransomware attacks with these types of protections in place. When we consider that business downtime and loss of data was reported to be far more damaging than payment of a ransom, backup and disaster recovery should be seen an essential part of any business’ digital strategy.


datto logoDatto provides business continuity solutions to secure the essential business data for thousands of companies around the world. Their integrated suite of services includes market-leading data backup and disaster recovery (BDR) offerings, Cloud-to-Cloud (C2C) backup services for leading SaaS applications, and innovative network continuity solutions.


Experts featured:

Rob Rae

VP of Business Development
Datto INC

Companies featured:


Cloud feature security
Send us a correction about this article Send us a news tip