Published: December 6th, 2017

While it’s no secret the number of cyberthreats, and in particular, ransomware attacks, have significantly risen in the last couple years, their impact on the channel has flown under the radar – until now.

A new study by business continuity solutions and market data company Datto, titled “State of the Channel Ransomware Report – Canada” has found that 98 per cent of Canadian managed service providers (MSPs) say ransomware incidents rose in 2017 and will continue to rise over the next two years.

Approximately 83 per cent of MSPs reported that they had clients suffer from ransomware attacks in the last two years. In fact, more than a third of Canadian MSPs say they witnessed multiple attacks against clients in a single day, turning the question of whether a business will be attacked by ransomware into a matter of when, not if.

SMBs are vulnerable and unprepared

In Canada, an estimated four per cent of small to medium-sized businesses (SMBs) fell victim to ransomware in 2016-2017, however, less than a third of attacks are reported to the authorities.

The Datto report also discovered that 32 per cent of SMBs actually paid the ransom demands – but of those that ponied up the cash, 13 per cent of them still never received their data back. Almost half of all ransom demand for Canadian businesses fall between $500 to $2000, with the total ransom paid by Canadian SMBs to hackers reaching approximately $5.7 million in 2016-2017.

The damage is done before you even know it

When it comes to the most damaging aspect of ransomware attacks, however, most businesses say it’s not the price of getting their data back, but the loss of data itself and the business-threatening downtime.

Interestingly, the construction and manufacturing sectors are the most targeted industries in Canada (38 per cent reported ransomware attacks in the last year), followed by professional services companies, non-profit organizations, healthcare and finance/insurance, and travel/transportation.

Put your guard up

More than a third of Canadian MSPs report that they’ve seen ransomware infections in cloud-based applications (compared to 26 per cent globally). The most common software-as-a-service applications (SaaS) to be hit are Dropbox, Office 365, G-Suite, and AWS.

And while no single operating system is safe, 100 per cent of Windows-based clients saw infections in 2017, compared to only three per cent of OS X and Linux customers respectively, and one per cent of Android users.

Are you prepared?

Despite all the coverage of cyberthreats and ransomware attacks over the last couple years, the message doesn’t seem to be hitting home for most businesses. While almost every single Canadian MSP say they are “highly concerned” about ransomware, only 34 per cent of SMBs feel the same.

Most ransomwares start because of phishing emails, according to the Datto report, but a lack of cybersecurity training is another huge problem. MSPs recommend businesses adopt a multilayered approach to protect themselves, including antivirus software, email spam filters, patched/updated applications, ad/pop-up blockers, and cybersecurity education. Having a backup and disaster recovery system and plan, however, is crucial.

Datto surveyed over 200 Canadian MSPs for these results.