Ransomware is real. If your customers are not among the one in six businesses already affected by it, they are almost certainly destined to be.
You are no doubt aware of ransomware as a fast-growing form of malware that infects a target machine, encrypts its hard drives, and demands an online payment from the target (typically in an anonymous crypto-currency like Bitcoin) in return for the decryption key. Without that key, victims can never recover their files again.
The concept of such an attack, in which the goal is to extort money from victims by denying them access to their files rather than exfiltrating valuable information from targeted systems, had been kicking around since the 1980s. For years, ransomware was little more than an annoying hacker stunt because collecting payment was difficult without leaving an electronic trail that law enforcement could follow. But in 2012, ransomware attacks began enjoying a resurgence, originally in the form of blockers that hindered users' access to their machines without encrypting their files. More effective versions using file encryption gradually overtook the simpler blockers in popularity. In both cases, the rise of blockchain technology and online payment systems like Bitcoin that are based on it--affording ransomware attackers a screen of anonymity from police--was the real fuel that turned the ransomware threat from a flicker to a conflagration.
Ransomware as a Service
The most recent variants of ransomware have become much more effective and far more widespread. First, ransomware originators decided to mimic the legitimate SaaS industry, enlisting an army of criminal resellers to help distribute their malware. Operating a ransomware-as-a-service (RaaS) business enables ransomware programmers to focus on what they do best: honing their software’s ability to evade IT security defenses. RaaS makes a particular ransomware product available to anyone who wants to get into the online extortion business--no real coding skills required. These “resellers” focus on infecting as many machines as possible, using proven techniques like phishing and drive-by downloads, and paying a percentage of whatever ransoms they collect back to the RaaS providers.
This highly leveraged distribution model accounts for ransomware’s sudden virulence: Ransoms collected have swollen from a mere $50 million in 2015 to a projected $1 billion in 2016.
The typical ransomware attack costs the victim between $200 and $600 per machine. Ransomware gangsters have an incentive to make good on their end of the bargain to victims who pay: They must preserve a reputation for good customer service, just like legitimate MSPs, but victims who pay up may still get swindled. A few exceptionally unethical crooks write code that simply deletes users’ files. Others are unskilled enough that their decryption code fails. Still others may be caught by authorities, or disappear when threatened with capture, leaving victims in the lurch. But most who pay do get their files back.
The $75 Billion Problem
The rapidly growing effectiveness of ransomware and its distributors accounts for the FBI estimate that one in six businesses have already been afflicted by it, and that by 2017 nearly every business will be. Further, the costs reported by the FBI are almost certainly vastly underestimated. First, they are based only on reported attacks, which many businesses likely hide for fear of damage to their reputations. Second, they don’t account for the cost to the business in lost productivity and business opportunity: how much a business loses in the two days of downtime it takes on average to recover from an attack. The real economic costs of ransomware could be as high as $75 billion.
There are two proven ways to mitigate the risks associated with ransomware: security and backup. A good security regimen will mitigate some of the risk. The most popular attack vectors are phishing emails with infected attachments or links to malicious websites, fake online ads that redirect users to malicious websites, and malware embedded in websites delivering pirated entertainment, pirated software or adult content. Other vectors include traditional vulnerabilities like unpatched Web servers and infected USB drives. Thus, a combination of endpoint anti-malware scanning, application whitelisting, behavioral anomaly detection, rigorous application patching, application and network firewalls, and end-user security awareness training can help reduce the number of successful attacks.
But given the ingenuity of the RaaS model--where the front end focuses on infection and the back end focuses on defense evasion--ransomware gangsters are keeping one step ahead of the IT security industry’s attempts to thwart them. Attackers are increasingly targeting businesses, notably in verticals like healthcare and finance, which have the money to pay the ransoms and big incentives to get back online quickly. It’s an arms race that the good guys are currently losing. It is increasingly inevitable that your customers will suffer a successful ransomware attack.
Backup: The Key To Preventing Ransomware
Fortunately, one mitigation tactic has proven foolproof against even the most pernicious ransomware: a meticulous backup regimen. Maintaining recent copies of storage resources makes it possible for a business to turn back the clock on any machine to the moment before it was infected, minimizing data loss without paying the thieves a penny. To protect against ransomware variants with worm capabilities--spreading over the local network to infect other machines--backup should also include a private or public cloud component as a safe offline haven.
As a leading provider of data protection solutions resold by MSPs, Acronis has produced a series of white papers, case studies, ebooks, and infographics to educate service providers on the threat of ransomware and how to offer data protection services to defeat it. For a look at one U.S.-based MSP that is using Acronis data protection solutions to deliver ransomware mitigation services to its customers, download the case study, “MSP Pro River Technology Solves SMB Data Protection Challenges.” It’s a real-world example of the enormous business opportunity for MSPs to offer ransomware protection services based on hybrid backup solutions.
The Acronis Partner Program
If you would like to offer your customers the same peace of mind, consider joining the Acronis Partner Program. If you are interested in helping your customers understand more about how effective backup can help prevent ransomware, please visit our free resources page.
Jon McCarrick is Acronis Partner Technology Evangelist. Jon is a veteran in the cloud service provider space, having worked for Parallels and Open-xchange prior to joining Acronis. Jon's mission is to create an active community of service providers around the Acronis product line. Expect to visit with Jon at your favorite trade show or find him on your favorite social media platform.
Guest blogs such as this one are published monthly and are part of MSPmentor's annual platinum sponsorship.