Just months after Aussie businesses were hit by Petya ransomware and just days after businesses in several regions around the world were subject to cyber attacks using ransomware called "BadRabbit", local channel players offer up their insights into the current malware landscape and its risks.
The local channel perspective comes not long after data protection vendor, Datto, released its State of the Channel Ransomware Report, suggesting that more than $301 million was handed over to hackers in the past year.
The research also revealed that the Australian and New Zealand region in particular scored highest when it came to ransomware attacks -- but not in a good way -- paying the highest amount and suffering multiple attacks per day, when compared to other regions.
The report indicated that ransomware hackers were asking for between US$500 and US$2000 with about 44 per cent of A/NZ MSPs reporting that end users paid the ransom, which was higher than any other region where globally, this figure stood at 35 per cent.
Out of those customers that did pay the ransom amount, about 15 per cent never recovered their data.
It’s not so much about paying the ransom that SMBs were financially worried about, according to the report, but rather that business downtime was the bigger concern (75 per cent) in comparison to loss of data or devices (57 per cent).
Datto A/NZ regional director, James Bergl, said education was still a relevant factor, particularly pertaining to the true cost of a ransomware attack on a small business.
"A lot of small businesses haven’t attributed the true downtime of an attack,” he said. “They may think it’s only $3000 dollars, but if they’ve got 30 staff, that are unproductive for a few days, then they could be looking at about $50,000 worth of downtime.
"Education is about putting the hard figures in and realising that the true cost of ransomware is far more than just that $3000.”
CryptoLocker was still reigning in A/NZ at 85 per cent, but more aggressive strains were launching daily with MSPs also indicating that 31 per cent were hit with CryptoWall; 24 per cent with Locky and 21 per cent reporting WannaCry attacks against their clients.
Interlinked CTO, Nick Vassiliades, said the WannaCry outbreak really put the spotlight on customers to seriously consider the severity of a ransomware attack. Interlinked is a Datto partner.
“Encryption threats and ransomware are the new status quo,” he said.
Despite acknowledging how a security breach like WannaCry can severely impact their business, some customers can’t afford the costs associated with upgrading their software across their entire network, he said.
One prime example that Vassiliades highlighted was a kitchen manufacturing customer that relies on using robotics and their list of suppliers that were still running on Windows XP.
“They’re stuck in limbo because no one is supporting XP anymore, but to upgrade will cost them a lot of money with their robotic devices," he said. "Now, we normally don’t back-up end points, but because this was such a high risk and impact to the business, we had to put things in place to isolate each robotic device.
"Some customers do want to do the right thing and the back-up solution itself isn’t the biggest cost, it’s the other inherent problems they have internally that won’t allow them to do it."
Dynamic Business Technologies managing director, Nathan Franks, noticed that his SMB customers were mostly concerned with phishing attacks, which were harder to mitigate, but on the ransomware front, he said there was a bit of a slowdown with user initiated ransomware.
“We had a case where a customer’s remote desktop server was compromised and the incumbent IT provider couldn’t work out what was going on,” Franks said.
“We got involved, investigated the incident and found a random user sitting there downloading stuff and chatting to people. There was a fair bit of work involved to compromise the server just so he could set it up as a chat channel.”
To prevent this breach from happening again, Franks said they secured the customer’s remote desktop server.
Globally, five per cent of SMBs were victims of ransomware from Q2 2016 to Q2 2017. In A/NZ 92 per cent of managed service providers (MSPs) reported attacks from 2015 - 2017, which is higher than any other region surveyed.
About 35 per cent also reported that their SMB customers were hit multiple times a day with ransomware and 48 per cent of MSPs reporting that ransomware encrypted a customer’s back-up.
Looking across the different market sectors, the construction and manufacturing industry experienced the highest amount of ransomware attacks at 61 per cent, followed by finance and insurance (42 per cent), non-profit organisations (32 per cent) and healthcare (31 per cent), according to the report.
Particularly in A/NZ, 79 per cent of MSPs said none of the ransomware attacks were reported to authorities, which was higher than any other region that was surveyed (globally this was 68 per cent).