Here are best practices for channel partners to protect themselves and their customers against ransomware.

4 Min Read
ransomware backup
Getty Images

While ransomware has been dominating the news cycle for the past few weeks, organizations across many industries including healthcare, education and retail have been dealing with the massive threat for years. And, even though we’ve seen a huge spike in attacks as of late, the number of ransomware attacks is actually trending downward. What’s scary, however, is that the severity of ransomware attacks is climbing way up, as we’ve recently seen with incidents like the ones affecting Colonial Pipeline.

According to Sophos’ The State of Ransomware 2021 report, based on findings from an independent survey of 5,400 IT managers in midsize organizations in 30 countries across the globe, the number of organizations being hit by ransomware is down 14% year over year. However, the financial impact of an attack has more than doubled, increasing from $761,106 in 2020 to $1.85 million in 2021.

We expect this is due to ransomware gangs deploying more advanced tactics, techniques and procedures (TTPs) that are harder to recover from, as well as to these gangs going after more lucrative targets. The report finds that larger organizations with thousands of employees are more likely to be attacked by ransomware than smaller companies, indicating that ransomware attackers are drifting toward targeting larger victims capable of paying bigger ransoms.

In response to these devastating attacks, businesses, like Colonial Pipeline, are increasingly paying the ransom to get their data back–32%, up from 26% in 2020. And, while Colonial was lucky enough to recover some of the money it paid in ransom to the DarkSide attackers, that is not the typical outcome. In fact, less than one in 10 organizations get all of their data back after paying the ransom, never mind the money they paid.

The report also provides insight into how different countries and sectors have been affected by ransomware during the last year. Some highlights include:

  • India reported the most ransomware attacks, with 68% of respondents saying that they were hit last year. Conversely, Poland (13%) and Japan (15%) reported the lowest levels of attack.

  • Geographical neighbors Austria and the Czech Republic are poles apart when it comes to ransomware recovery costs: Austrian respondents reported the highest recovery cost of all countries surveyed, while Czech respondents reported the lowest.

  • Retail and education (both 44%) were the sectors that reported the highest levels of attack.

  • Energy, oil/gas and utilities are most likely to pay the ransom (43%).

Protecting You and Your Customers from Ransomware

Considering these findings, Sophos experts recommend the following best practices for channel partners to protect themselves and their customers against ransomware:

  1. Assume you will be attacked. If you’re one of the 22% who thinks they won’t be attacked by ransomware in the near future, it’s time to rethink. No one is immune, and everyone is a target.

  2. Constantly backup your data. Backups are the prime method for restoring data after an attack. This is especially important with ransomware, as even paying the ransom is no guarantee you’ll get all of your data back. (To the contrary, you’re almost guaranteed not to get all of your data back.)

  3. Just don’t pay the ransom. This is easier said than done, but the fact is that paying your attacker just isn’t an effective way of getting back your data–which is why you’d pay the ransom in the first place. That said, if you do choose to pay, make sure you’re factoring into your cost-benefit analysis that you’re likely to get back no more than about two-thirds of the data that was encrypted or stolen–and that you almost definitely won’t get back all of it.

  4. Set up your incident response plan now. The best offense for dealing with a ransomware is a good defense–in this case, an incident-response, malware recovery plan. Many businesses that get attacked by ransomware learn too late that preparing this in advance could have saved them a lot of money, pain and downtime.

  5. Prepare your defenses. Examine the security capabilities you have and make sure you have the right security protection in place.  No one solution is perfect, but it can vastly reduce the risk of an attack if you’re deploying high-quality defenses such as endpoint protection, firewalls and identity security.

To learn more about today’s ransomware landscape, click here.

 This guest blog is part of a Channel Futures sponsorship.

Read more about:

MSPs
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like