Ransomware is a global problem that is only getting worse, as evinced by Datto’s 2018 Global State of the Channel Ransomware Report. The report surveyed more than 2,400 IT professionals, including many who work for Managed Service Providers (MSPs). Kim Crawley at Cylance summarizes Datto’s report and highlights the trends that show why ransomware is such a dangerous threat.
First, ransomware targets every industry. Attackers who use ransomware often don’t care who their targets are as long as they’ll pay to restore their systems. This accounts for the indiscriminate, infectious nature of ransomware like WannaCry. The more systems that are infected, the higher the potential return is for the attackers.
The vectors through which ransomware can infect a system have increased as well. The report shows that 86% of ransomware victims had antivirus software installed, 65% had email and spam filters in place, and 29% were using pop-up blockers. One of the top infection vectors for ransomware is vulnerable Remote Desktop Protocol ports. With such a wide variety of entry points, organizations have a very difficult time locking down every one.
Additionally, while ransomware most commonly affects Windows systems, 9% of MSPs have seen it infect macOS, 8% have seen it on Android, and 5% have seen it on iOS. Crawley notes that the number of MSPs reporting ransomware affecting macOS and iOS has increased by 500% from Datto’s 2017 report.
Finally, as organizations and consumers begin using more and more IoT devices, ransomware could begin threatening human lives on a much wider scale. 39% of MSPs expect the malware to begin targeting self-driving cars, and 37% of MSPs predict that it will start to affect medical devices.
In the face of this growing threat, organizations need to take every measure possible to defend themselves against ransomware. While technical safeguards are essential, they won’t stop every threat. Employees need new-school security awareness training so that they don’t fall for phishing or other social engineering techniques that could allow ransomware to gain access to their systems.