AlphaKOR Ransomware Defense
Follow us on Twitter: @AlphaKOR
Visit our Blog: www.AlphaKOR.com/blog
The Facts of the Presentation
The 2019 AlphaKOR Ransomware Report is comprised of statistics pulled from a survey of over 2500 managed service providers (MSPs), like AlphaKOR, across the US & Canada, with survey data extracted to show Canadian-only responses. The report provides unique visibility into the state of ransomware from the perspective of the business owners and IT professionals who are dealing with these infections on a daily basis. It provides a wealth of detail on ransomware, including year-over-year trends, frequency, targets, impact, and recommendations for ensuring recovery and business continuity in the face of the growing threat.
Key Findings
• Ransomware remains a massive threat to small-to-mid-sized businesses (SMBs). From Q2 2016 - Q2 2018, 83% of SMBs reported ransomware attacks against their infrastructure. In the first 6 months of 2018 alone, 55% reported an increase in ransomware attacks compared to the previous year. 92% of MSPs predict the number of ransomware attacks will continue at current, or worse, rates based on poor client education and a continued security by obscurity mindset.
• The average managed service provider (MSP) reports 4 of these attacks within their client base per year. In the first half of 2018, an alarming 37% of MSPs report clients suffered multiple attacks in a single day (up from 31% in 2017).
• There is mandatory reporting in place. PIPEDA legislation requires that RROSH breaches are reported to clients and authorities: https://www.priv.gc.ca/en/privacy-topics/privacy-breaches/respond-to-a-privacy-breach-at-your-business/gd_pb_201810/
• SMBs are largely in the dark about the frequency and severity of ransomware attacks. Nearly 90% of MSPs are “highly concerned” about the ransomware threat and 33% report their SMB clients feel the same.
• Lack of cybersecurity education is a leading cause of a successful ransomware attack. MSPs rank phishing emails as the top ransomware delivery method, followed by poor user practices/gullibility and passwords/access management.
• The aftermath of a ransomware attack can be crippling for a business. When asked about the impacts of a successful attack, 70% of MSPs report victimized clients experienced a loss of business productivity. More than half report clients experienced business-threatening downtime.
• The cost of business downtime is 7.5X greater than the cost of the ransom requested. Canada not only has the highest average cost of ransom, but also the highest cost of downtime globally. MSPs report the average requested ransom for SMBs is ~$8,764 CAD while the average cost of downtime related to a ransomware attack is ~$65,724 CAD.
• Canadian SMBs report Windows as the most targeted system by hackers. They are also seeing a rise in attacks on Apple and Android systems.
• Ransomware infections in the cloud continue to increase year-over-year. Of MSPs that report cloud-based malware infections, nearly 50% called out Office 365 as the target.
• In comparison to other solutions, the most effective for avoiding downtime caused by ransomware is business continuity and disaster recovery. Roughly 90% of SMBs victimized clients with BCDR in place fully recovered from the attack in 24 hours, or less.
Ransomware Most Prominent Malware Threat to SMBs
List of US and Canada client-based attacks against SMBs in the last 2 years (Cisco Umbrella Analytics for Canada 2018)
• 83% reporting clients struck by ransomware
• 65% reporting clients struck by viruses
• 56% reporting clients struck by spyware
• 54% reporting clients struck by adware
• 39% reporting clients struck by trojan horses
• 24% reporting clients struck by cryptojacking
• 24% reporting clients struck by rootkits
• 19% reporting clients struck by worms
• 18% reporting clients struck by keyloggers
Most SMBs Unaware of Ransomware Risk
90% of MSPs report they are “highly concerned” about ransomware. Only 33% of SMBs think they should be.
According to a 2019 vendor study of Canadian SMBs
Here’s why ... There
CryptoLocker and WannaCry Reign Supreme
[Chart: ransomware strains, with chart label "Sept 2013"]
• NotPetya 10%
• CTB-Locker 12%
• CryptXXX 15%
• WannaCry 52%
• TorrentLocker 9%
• TeslaCrypt 16%
• CoinVault 7%
• CryptoWall 42%
• Petya 19%
• BadRabbit 6%
• CryptoLocker 71%
• Locky 20%
• SamSam 5%
• Cerber 5%
• CrySis 5%
Takeaway: In Canada, a nefarious new strain of ransomware named Ryuk is causing chaos. Already netting over $3.7M in Bitcoin since August 2018 according to EndGadget, it’s not only targeting restaurant chains, but also healthcare organizations.
End User Error is the Common Denominator
Top Cybersecurity Vulnerabilities:
• 80% of SMBs Report Poor User Practices/Gullibility
• 29% of MSPs Report Lack of End User Cybersecurity Training
• 29% of SMBs Report Weak Passwords/Access Management
Top Ransomware Delivery Methods:
• 32% of SMBs Report Phishing Emails
• 25% of SMBs Report Clickbait
• 23% of SMBs Report Malicious Websites/Web Ads
How Ransomware Works
EMAIL-BASED INFECTION: Email w/ Malicious Attachment → Ransomware Payload → Encryption Key C2 Infrastructure → Files Inaccessible
WEB-BASED INFECTION: User Clicks a Link or Malvertising → Malicious Infrastructure → Ransomware Payload → Encryption Key C2 Infrastructure → Files Inaccessible
Quebec Region Immobilized by Ransomware Attack
The regional municipality of Mekinac in Quebec fell victim to a CryptoLocker ransomware attack in September, 2018. Mekinac’s servers were compromised after an employee opened and clicked on a link in a fraudulent email sent by the hackers. For two weeks, servers were disabled and employees were unable to work. The attack not only impacted government employees, but also affected 10 municipalities with a population of roughly 13,000 people.
Timeline (dates shown on the slide: September 10th, 2018; September 25th, 2018; November 18th, 2018):
• Ransomware hackers demand 8 units Bitcoin into a bank account, roughly equivalent to $65K
• Servers are disabled for about 2 weeks
• Negotiated Ransom Down to $30K
• Employees Return to Work
• Retrieved lost data after 2 weeks of downtime
Sources: CTV News, CBC
Cost of Downtime Significantly Outweighs Ransom Requested
• Average Ransom: $8,764 CAD ($6,600 USD)
• Average Cost of Downtime: $65,724 CAD ($49,500 USD)
The cost of downtime is 7.5x higher than the ransom requested (per incident).
Takeaway: Canada not only has the highest average cost of ransom, but also the highest cost of downtime globally.
1 USD = 1.33 CAD per conversion rates in May 2019.
*Cisco survey respondents of companies consisting of 50 or less employees. Answers in U.S. dollars.
Ransomware Attacks Are Costly
Survey of SMB ownership experiences following a successful ransomware attack (Geo Trend Canadian Survey 2018)
• 70% reported loss of business productivity
• 57% reported business-threatening downtime
• 42% reported significant data loss
• 41% reported infection spread to other devices on the network
• 31% reported a loss of yearly profitability
• 31% paid a ransom and recovered the data
• 29% reported damaged reputations
• 18% reported stolen data
• 17% reported ransomware remained on systems, struck again!
• 14% reported IT staff failed to respond adequately to the attack
• 9% paid a ransom, data was never released
• 8% reported failure to achieve regulatory compliance
No Industry is Safe from Ransomware
Industries victimized by ransomware
• Construction/Manufacturing: 44%
• Professional Services: 32%
• Non-Profit: 24%
• Finance/Insurance: 22%
• Healthcare: 21%
• Legal: 19%
• Retail: 19%
• Real Estate: 17%
• Travel/Transportation: 11%
• Architecture/Design: 9%
• Education: 9%
• Energy/Utilities: 9%
• Consumer Products: 8%
• Government: 7%
• Media/Entertainment: 5%
• Telecom: 3%
• High Technology: 3%
• Agriculture: 1%
Ransomware Will Creep into the Cloud
24% of MSPs have seen ransomware attacks in SaaS applications (up 2% from last year)
Of the 24%:
• 56% Report O365 Infections (up 34% from last year)
• 25% Report G Suite Infections (up 17% from last year)
Geo Trend: Globally in 2019, 28% of MSPs reported ransomware infections in cloud-based applications vs 24% in Canada.
SMBs Report Windows as Most Targeted System by Ransomware
• Windows: 80%
• macOS: 11% (3% in 2017)
• Android: 5%
• iOS: 4%
Takeaway: Mac ransomware attacks are growing. The number of MSPs reporting OS attacks increased by 8% from 2017 to 2018.
No One System Can Entirely Prevent Ransomware
• 85% of SMBs Report users had Antivirus Installed
• 69% of SMBs Report users had Email/Spam Filters
• 31% of MSPs Report users had Pop-Up Blockers
Takeaway: As no single solution is guaranteed to prevent ransomware attacks, a multilayered portfolio is highly recommended.
The Five Most Effective Solutions for Ransomware
#1 Firewall or Unified Threat Management Equipment
#2 Antivirus/Malware
#3 Business Continuity/Disaster Recovery
#4 Patch Management
#5 Employee and Executive Training
Takeaway: Ransomware attacks will inevitably happen. To protect clients and effectively respond to attacks, BCDR and UTM are crucial to prevent downtime.
*BCDR: Business Continuity and Disaster Recovery
*UTM – Universal Threat Management