Accurate and detailed figures on data breaches in Canada from are hard to come by, so we have to rely on vendor surveys. The latest, from data protection provider Datto of its managed security service provider customers in Canada, gives some insight into the depth of the problem of ransomware here.
According to the survey of just over 200 providers, small and medium-sized businesses here paid out $5.7 million to attackers in the 12 months that ended in Q2 2017.
If the survey is representative of all SMBs in Canada, about four per cent of small to medium-sized businesses were hit by ransomware during the study period.
The providers were told that 32 per cent of those who admitted being hit paid the ransom.
For CISOs who hope paying a ransom will get them a key to decrypt locked data, remember this: 13 per cent who paid told their providers they didn’t recover their data.
Eighteen per cent of providers said six or more of their SMB clients faced attacks in the first half of 2017 alone.
Here’s another interesting factoid: 31 per cent of Canadian MSPs said their customers had faced multiple attacks in a single day. That number alone suggests SMBs are doing at least one – if not two – of basic cyber security things wrong: Not patching software enough, and not educating staff enough about being careful about clicking on attachments.
Typically, ransom demands aren’t big: Survey respondents said 43 per cent of their customers reported a ransom demand was between $500 and $2,000. Only a few had to pay over $10,000.
However, paying wasn’t the big cost of being stung: It was downtime and, for those who couldn’t recover, the data loss. Seventy per cent of MSPs surveyed said their clients experienced business-threatening downtime.
More sobering facts:
–13 per cent of providers surveyed said that it wasn’t easy cleaning up after an attack. Ransomware stayed on their clients’ systems after the first attack and struck again later;
–even worse, 33 per cent said the ransomware encrypted the customers’ backup.
That suggests customers weren’t careful to separate backup from production environments, and/or they didn’t scan the backup for possible infection.
Moving to the cloud isn’t a complete defence: Ransomware also hit Dropbox (the biggest in this category), Office 365, Google G-suite and AWS.
Ther are a wide variety of ransomware strains, but the most common trio during the survey period were CryptoLocker, CyrptoWall and Locky.
By the way, one of the reasons why there’s a lack of solid data here, and around the world, is that cyber crimes are under-reported by business victims. According to this survey, for example, 28 per cent of providers said customers victimized by ransomware didn’t report the incident to police.
Infosec professionals agree the best defence against ransomware is a backup and recovery process that is regularly tested. It’s also vital to regularly remind staff that because a prime way ransomware infections spread is through email they need to know how to recognize and avoid phishing scams.
Read the full report here. Registration required.