Cost of Downtime from Ransomware Nearly Doubles this Year

The cost of downtime from ransomware attacks has skyrocketed this year, now 50 times the ransom amount demanded by cybercriminals.

That’s according to Datto’s fifth annual Global State of the Channel Ransomware Report. More than 1,000 MSPs weighed in on the impact COVID-19 has had on the security of SMBs. It also covers other notable trends driving ransomware breaches.

The survey found that ransomware remains the most common cyber threat to SMBs. Sixty percent of MSPs said SMB clients have been hit as of the end of the third quarter.

The impact of such attacks keeps growing. The average cost of downtime is now 94% greater than in 2019. And it’s nearly six times higher than it was in 2018. The number has jumped from $46,800 to $274,200 over the past two years.

Phishing, poor user practices, and lack of end-user training continue to be the main reasons ransomware attacks are successful.

Ransomware Epidemic

Ryan Weeks is Datto’s CISO. He said the rate at which the cost of downtime is increasing “really puts the ransomware epidemic in perspective.”

Datto’s Ryan Weeks

“These numbers point to the importance of having a business continuity plan as well as the security tools in place to safeguard against such devastating and costly attacks,” he said.

The survey also revealed:

“We are seeing more risk for health care organizations,” Weeks said. “While this is likely in part due to the current pandemic, we’re also finding that attackers are after more than just ransom payouts. They want intellectual property, too. This is a newer challenge for health care institutions to navigate as they manage sensitive information around vaccine trials and patient data.”

In addition, election security remained in the spotlight for much of 2020, he said.

“Ransomware had its fair share of election-related news this year, prompting many agencies and institutions to pay close attention to their systems,” Weeks said. “While these organizations are typically on high alert, this year’s election created additional hurdles. Perhaps most notably, security experts were able to take down the servers behind Trickbot, an enormous malware network that criminals were using to launch other cyberattacks, including a strain of highly potent ransomware. Officials believed that this attack could have indirectly affected election infrastructure if allowed to continue.”

COVID-19 Brings More Attacks

Many MSPs reported the number of ransomware attacks and security vulnerabilities increased during COVID-19, Weeks said. That’s due to the increase in remote work and cloud computing.

“However, it is worth pointing out that it wasn’t an overwhelming increase, but more of an even split between those who saw an increase and those who did not,” he said. “This implies that ransomware has been and will continue to be a problem for organizations. And the pandemic simply accelerated the rate at which we are seeing attacks.”

Increased risk is due to user carelessness and security vulnerabilities associated with bring-your-own-device policies, Weeks said.

“With the many changes that arose in 2020 (i.e remote work, health risks, etc.), organizations lowered their guard in order to address new challenges resulting in increased risk,” he said. “Additionally, personal devices have been introduced to corporate/business environments despite objections. And finally, there are significant additional remote work security threats, from device theft to family members using corporate machines for personal work/study.”

Top Ransomware Attacks

The top three ways ransomware is attacking entities are phishing emails, SaaS applications and Windows endpoint systems applications.

The report does show progress in the fight against ransomware, Weeks said.

“Organizations are putting spend behind the right tools to defend against ransomware threats,” he said.

“Now more than ever, organizations need to be vigilant in their approach to cybersecurity, especially in the health care industry, as it’s managing and handling the most sensitive (and for criminals the most valuable) private data,” said Travis Lass, president of Xlcon, a Phoenix-based MSP. “The majority of our clients are small health care clinics with no in-house IT. As ransomware attacks continue to increase, it’s critical we do everything we can to support them by arming them with best-in-class technology that will fend off malicious attackers looking to take advantage of the already fragile state of the health care industry.”