A new ransomware report from IBM Security finds that nearly one in two business executives have experienced ransomware attacks in the workplace, and 70 percent of those executives said their company has paid to regain access to encrypted data. In fact, half of those that have paid a ransom paid more than $10,000, with 20 percent admitting they paid more than $40,000.
In addition, the report finds that nearly 60 percent of respondents indicated they would be willing to pay a ransom to recover data, and 25 percent said that depending upon the data type they would be willing to pay between $20,000 and $50,000 to regain access.
Only 29 percent of small businesses surveyed have experienced ransomware attacks, though, compared to 57 percent of medium-size businesses. But accounting for both business and consumer victims, the FBI now estimates that ransomware is already a $1 billion industry.
An evolving threat
Going into 2017, things appear likely to get worse before they get better. More sophisticated strains of ransomware are being discovered, and in some cases part of the ransom demand is that victims forward to others the lure message that originally delivered the ransomware. While no single control blocks ransomware outright, the good news is that tools for detecting the malware that carries the ransomware's encryption payload are improving.
In the meantime, IBM Security recommends that organizations teach end users to be cautious when opening attachments and clicking links, back up their data, and test the process for recovering that data rather than assuming it works. IT organizations are also advised to disable macros and to keep all software patched and up to date.
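The "test the recovery process" recommendation is the one most often skipped, and it is easy to script. The following is an added example, not code from the IBM report or from any MSP product: it backs up a directory together with a SHA-256 manifest, simulates ransomware overwriting the live copy, restores from the backup into a clean directory and verifies every file against the manifest. `make_backup`, `restore_and_verify`, `simulate_ransomware` and `run_drill` are hypothetical helper names, and the sample files are constructed inline.

```python
"""Backup-and-restore drill on constructed sample data (hypothetical helper
names; not IBM's or any vendor's tooling).  The backup records a SHA-256
manifest; after a simulated ransomware overwrite of the live copy, the
restore is checked file by file against that manifest."""
import hashlib
import json
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src: Path, backup_dir: Path) -> dict:
    """Archive src into backup_dir/backup.tar and write manifest.json
    (relative POSIX path -> sha256, recorded while the data is known good)."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    manifest = {p.relative_to(src).as_posix(): sha256_file(p)
                for p in sorted(src.rglob("*")) if p.is_file()}
    with tarfile.open(backup_dir / "backup.tar", "w") as tar:
        tar.add(src, arcname=".")
    (backup_dir / "manifest.json").write_text(json.dumps(manifest, indent=1))
    return manifest


def restore_and_verify(backup_dir: Path, restore_dir: Path) -> dict:
    """Extract the archive into restore_dir, refusing members that would land
    outside it, then compare every manifest entry against the restored file."""
    manifest = json.loads((backup_dir / "manifest.json").read_text())
    restore_dir.mkdir(parents=True, exist_ok=True)
    root = restore_dir.resolve()
    with tarfile.open(backup_dir / "backup.tar") as tar:
        for member in tar.getmembers():
            if not (member.isfile() or member.isdir()):
                continue  # no symlinks or device nodes from a backup we restore
            target = (root / member.name).resolve()
            if target != root and not str(target).startswith(str(root) + os.sep):
                raise ValueError(f"refusing to extract outside restore dir: {member.name}")
            tar.extract(member, restore_dir)
    report = {"verified": [], "mismatch": [], "missing": []}
    for rel, expected in manifest.items():
        restored = restore_dir / rel
        if not restored.is_file():
            report["missing"].append(rel)
        elif sha256_file(restored) != expected:
            report["mismatch"].append(rel)
        else:
            report["verified"].append(rel)
    report["ok"] = not report["mismatch"] and not report["missing"]
    return report


def simulate_ransomware(live: Path, marker: str = ".locked") -> int:
    """Stand-in for the encryption step: overwrite each file with random bytes
    and append an extension.  No real cipher; it only renders the live copy useless."""
    hit = 0
    for p in [q for q in live.rglob("*") if q.is_file()]:
        p.write_bytes(os.urandom(len(p.read_bytes()) + 16))
        p.rename(p.with_name(p.name + marker))
        hit += 1
    return hit


def run_drill() -> dict:
    """End-to-end drill: constructed files -> backup -> simulated attack -> restore -> verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        live = root / "live"
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("date,amount\n2016-12-01,1500\n")
        (live / "readme.txt").write_text("constructed sample data for the drill\n")
        make_backup(live, root / "backup")
        hit = simulate_ransomware(live)
        report = restore_and_verify(root / "backup", root / "restore")
        report["files_hit_by_ransomware"] = hit
        report["live_ledger_intact"] = (live / "finance" / "ledger.csv").exists()
        report["restored_ledger"] = (root / "restore" / "finance" / "ledger.csv").read_text()
        return report


if __name__ == "__main__":
    print(json.dumps(run_drill(), indent=1))
```

The drill passes only if every file named in the manifest comes back with its original hash; a backup job that silently skipped a share, or that ran after the encryption started, shows up as `missing` or `mismatch` rather than being discovered on the day of the incident. The extraction guard matters too: a restore tool that follows symlinks or `../` entries from an attacker-touched archive is itself an attack path.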
Of course, most organizations have historically not been consistent about any of these practices. For example, the IBM study finds that only 30 percent of small businesses surveyed offer security training to their employees, compared to 58 percent of larger companies.
MSPs on the ransomware frontline
Managed service providers clearly have a major role to play in combating the ransomware scourge. It is simply too easy to fool an end user into clicking on or downloading something they shouldn't. IT organizations need to work with MSPs to have a battle-tested plan in place before an attack happens. That means crafting an end-to-end incident response plan specifically for ransomware, spanning everything from isolating the infected hosts and the malware that initially delivered the ransomware to quickly recovering clean copies of the encrypted data.
Unfortunately, ransomware will most likely become a $2 billion industry before any durable solution to the problem is deployed. But each successive attack makes organizations more aware of just how vulnerable they are, and that makes them more likely to seek external expertise. After all, it should be obvious to everyone concerned by now that defending against ransomware requires an integrated approach to IT security and data protection.
The real challenge is turning that understanding into repeatable processes that protect the business. Some internal IT organizations may be able to figure that out on their own, but rather than earning that hard-won experience themselves, most businesses will be far more interested in relying on proven processes developed by MSPs to mitigate ransomware risk. The biggest challenge facing MSPs now is educating customers that those processes already exist in the form of a service that can be implemented starting tomorrow.