WIXLIB

ReportDatto’s Global State of the ChannelRansomware ReportFollow us on:Visit our blog: www.datto.com/blog

About the ReportDatto’s Global State of the Channel Ransomware Report is comprised of statistics pulled from asurvey of 1,400 managed service providers (MSPs), our partners, and clients, around the world. Thereport provides unique visibility into the state of ransomware from the perspective of the IT Channeland their SMB clients who are dealing with these infections on a daily basis. The report provides awealth of detail on ransomware, including year-over-year trends, frequency, targets, impact, andrecommendations for ensuring recovery and continuity in the face of the growing threat.To learn more about the report, please reach out to Katie Thornton, Director of Content & MarketingPrograms at Datto, Inc.About DattoAs the world’s leading provider of IT solutions delivered by Managed Service Providers (MSPs),Datto believes there is no limit to what small and medium businesses can achieve with theright technology. Datto offers business continuity and disaster recovery, networking, businessmanagement, and file backup and sync solutions, and has created a one-of-a-kind ecosystemof partners that provide Datto solutions to businesses across the globe. Since its founding in2007, Datto continues to win awards each year for its rapid growth, product excellence, superiortechnical support, and for fostering an outstanding workplace. With global headquarters in Norwalk,Connecticut, Datto has international offices in the United Kingdom, Netherlands, Denmark,Germany, Canada, Australia, China, and Singapore. Learn more at datto.com.

Key Findings Ransomware remains the most prominent malware threat. In2019, 85% of MSPs report ransomware as the most commonmalware threat to SMBs. The aftermath of a ransomware attack can be a nightmare forany business. Nearly half of MSPs report victimized clientsexperienced business-threatening downtime. In the first half of 2019 alone, 56% of MSPs report attacksagainst clients. 15% of MSPs report multiple ransomwareattacks in a single day. The average ransom requested by hackers is increasing.MSPs report the average requested ransom for SMBs is 5,900, up 37%, year-over-year. On average, 1 in 5 SMBs report that they’ve fallen victim toa ransomware attack. SMBs who don’t outsource their ITservices are more at risk.* Downtime costs are up by 200% year-over-year, and thecost of downtime is 23X greater than the average ransomrequested in 2019. When it comes to the ransomware threat, there is adisconnect between MSPs and SMBs. 89% of MSPs are “veryconcerned” about the ransomware threat and 28% report theirSMB clients feel the same. 92% of MSPs report that clients with BCDR solutions in placeare less likely to experience significant downtime during aransomware attack. 4 in 5 MSPs report that victimized clientswith BCDR in place recovered from the attack in 24 hours, orless. MSPs rank phishing emails as the leading cause of successfulattacks. Lack of cybersecurity training, weak passwords, andpoor user practices are among the other top causes. SMBs aren’t the only businesses being targeted by hackers.4 in 5 MSPs agree that their own businesses are beingincreasingly targeted by ransomware attacks.*Source: Strategy Analytics’ proprietary research of the North American SMB market.3 datto.com

A Variety of Malware Targeting SMBsWhich of the following types of malware haveaffected your clients in the last 2 years?61%of MSPsreport SMBsstruck by viruses54%of MSPsreport SMBs46%of MSPsreport SMBs29%of MSPsreport SMBs26%of MSPsreport SMBsstruck by adwarestruck by spywarestruck by cryptojackingstruck by remote access trojans20% of MSPs report SMBs struck by rootkits18% of MSPs report SMBs struck by worms14% of MSPs report SMBs struck by keyloggers13% of MSPs report SMBs struck by exploit kits*Survey respondents were able to select multiple answer choices.4 datto.com

Ransomware is #1 Malware Threat to SMBsAmong the malwarethreats impactingSMBs, ransomwareis the biggest offender.85%attacks against SMBsof MSPsreportin the last two yearsIn the first half of 2019 alone,56%of MSPsreportattacks against clients15%of MSPsreportmultiple ransomwareattacks in a single dayGeo Trend:In Australia and New Zealand, 91% of MSPs reportattacks against SMBs in the last two years, thehighest rate globally.5 datto.com

The State of Ransomware and SMBs1 in 5 SMBsreport that they’vefallen victim to aransomwareattack.*On average, SMBs who don’toutsource their IT servicesreport facing moreransomware attacks.**Source: Strategy Analytics’ proprietary research of the North American SMB market.6 datto.com

Ransomware Awareness: SMBs vs. MSPs89%of MSPs reportSMBs should be ‘veryconcerned’ about the threatIn 201928%of MSPs reportSMBs are ‘veryconcerned’ aboutransomwareThere is adisconnect betweenSMBs and MSPs on thesignificance of theransomware threat.7 datto.com

Ransomware Continues to Creep Past Cybersecurity SolutionsMSPs report clients fell victim to ransomwaredespite having implemented the following:Antivirus softwareEmail/spam filtersAd/pop-up blockersEndpoint detection and response platformTraditional cybersecurity solutions likeantivirus and email/spam filters are no matchfor many cyber attackers. MSPs need to takea multilayered approach to ransomware, withbusiness continuity at the core.8 datto.com

SMBs Continue to Take the BaitWhich of the following are theleading causes of ransomware?67%of MSPsreportphishing emails36%lack of cybersecurity trainingof MSPsreport30%weak passwords/access managementof MSPsreport25% of MSPs report poor user practices/gullibility16% of MSPs report malicious websites/web ads16% of MSPs report clickbaitPhishing, lack of cybersecuritytraining, and weak passwords arethe top three causes of successfulransomware attacks.*Survey respondents were able to select multiple answer choices.9 datto.com

Ransomware Attacks: The AftermathWhich of the following consequences resulted from a ransomware attack?64%of MSPsreportloss of business productivity33%of MSPsreportinfection spread to other devices on the network45%of MSPsreport29%of MSPsreport34%of MSPsreport24%of MSPsreportbusiness-threatening downtimelost data and/or deviceCalculate the cost ofpotential downtime with theDowntime Cost CalculatorCALCULATE*Survey respondents were able to select multiple answer choices.decreased client profitabilityclients paid a ransom and recovered the data18% of MSPs report damaged reputations12% of MSPs report stolen data10% of MSPs report ransomware remained on system and struck again!7% of MSPs report failure to achieve regulatory compliance6% of MSPs report failure to meet SLA requirements4% of MSPs report clients paid ransom but data was never released

Ransom, Downtime Costs, SkyrocketWhen it comes to ransomware attacks,MSPs report the cost of downtime is23Xgreater than theransom requestedAverage Ransom2018 4,3002019 5,900BBMSPs report the averagecost of ransom increasedby 37% from previous yearAverage Cost of Downtime2018 46,8002019 141,000*All survey respondents answered in U.S. dollars.BThe average downtime costper incident has soared over200% from previous yearGeo Trend:In Canada, MSPs report the highestaverage cost of downtime at 180,000.11 datto.com

CryptoLocker Remains Household NameWhich of the following strains of ransomware have affected your clients?66%of MSPsreportCryptoLocker49%WannaCryof MSPsreport34%of MSPsreport24%of MSPsreportCryptoWall00:00:35Locky00:00:35For the 4th consecutive year, MSPs reportCryptoLocker as the top ransomwarevariant attacking clients.*Survey respondents were able to select multiple answer choices.12 datto.com17% of MSPs report Petya14% of MSPs report CryptXXX12% of MSPs report notPetya11% of MSPs report TeslaCrypt10% of MSPs report Emotet (NEW)7% of MSPs report CBT Locker7% of MSPs report TorrentLocker7% of MSPs report CrySis6% of MSPs report Bad Rabbit5% of MSPs report Wallet (NEW)4% of MSPs report CoinVault

Industries Rocked by Ransomware32%Construction and Manufacturingof MSPsreportmost targeted by ransomwareIt’s not surprising that Construction and Manufacturing are top targets forransomware. These industries are in a constant wave that flows with theups and downs of the economy. Because of this, much of their work isproject-based and recurring revenue is rare. As a result, it makes itdifficult to invest in IT staffing or IT services that require monthly fees.Vince Tinnirello, Managing Director, Anchor Network Solutions, Inc.31% Professional Services23% Healthcare20% Finance/Insurance18% Non-Profit18% Legal15% Retail12% Real Estate9% Architecture/Design9% Government8% Education7% Consumer Products5% Travel/Transportation6% Media/Entertainment4% High Technology4% Energy/Utilities2% Telecom11% Other/None*Survey respondents were able to select multiple answer choices.13 datto.com

Windows Endpoint Systems Most Targeted by Hackers89%ransomware infectingof MSPsreportendpoint systemsOf the 89%.87%of MSPs reportattacks onWindows PC11% of MSPs report attacks on Windows Tablet7% of MSPs report attacks on MacOS X5% of MSPs report attacks on Android3% of MSPs report attacks on iOSGeo Trend:In Europe, 10% of MSPs reportransomware infecting Android systems,exceeding the global average of 5%.*Survey respondents were able to select multiple answer choices.14 datto.com

Ransomware Descends Over Office 36528%ransomware attacksof MSPsreportin SaaS applicationsOf the 28%:64%SMBs report 11% to 50% of their ITinfrastructure is based in the cloud.This is expected to increase over thenext 3 years, where most expect 21%to 75% to be in the cloud.**of MSPs reportattacks within(up from 49% in 2018)47%of MSPs reportattacks within18%of MSPs reportattacks within6% of MSPs report attacks within Box2% of MSPs report attacks within Salesforce*Survey respondents were able to select multiple answer choices.**Source: Strategy Analytics’ proprietary research of the North American SMB market.Geo Trend:In Australia and New Zealand, 37% of MSPsreport attacks on SaaS applications, thehighest rate globally.15 datto.com

Most Common Ransomware Recovery MethodsWhich methods have you used to recover a client from a ransomware infection?69%reimaging a machineof MSPsreport53%of MSPsreport37%of MSPsreportvirtualizing the systemfrom a backup imagerunning softwareto cleanup threat16% of MSPs report downloading apurpose-built software tool designedfor ransomware recovery15% of MSPs report relying onendpoint antivirus to recover12% of MSPs report finding adecryption keyHow Rapid Rollback Helps MSPsRecover Clients from Ransomware16 datto.com*Survey respondents were able to select multiple answer choices.

It can be difficult to identify the source of a ransomware threat or howlong that threat has been latent in a given environment. Because of that,we suspect MSPs are using a variety of methods to recover clients ona case-by-case basis. Today’s MSPs need robust recovery plans thataddress the tactics of the different threats their clients are facing. Theycan achieve this by selecting vendors who offer multiple recovery optionsthat can be customized based on the incident at hand. They should alsodevelop a plan to assure the safe operating state of a backup wherethreats may have lain dormant for a period of time.Ryan Weeks, Chief Information Security Officer, Datto, Inc.