The Unitrends MSP State of Ransomware Survey Report 2021 focuses on the current and future landscape of ransomware and the preventive approaches from managed service providers. Survey responses were gathered from more than 200 IT professionals from MSP organizations worldwide.

To report the findings, we have aggregated data by organization employee size, the number of endpoints managed and vertical/industry focus.

For many respondents, the COVID-19 pandemic forced their clients to rethink the way they operate, leading MSPs to revamp their service offerings. The majority of clients are looking to adopt long-term remote and hybrid work and will seek the help of MSPs to adapt to the new nature of work and keep pace with the changes.

The Unitrends MSP State of Ransomware Survey Report 2021 offers a wealth of data and useful insights to help you and your clients prepare against ransomware and other advanced cyberthreats.

Key Findings

Here are three key findings from the report:

1. Most Clients Were Victims of Ransomware

It’s estimated that an organization falls victim to a ransomware attack every 11 seconds. These attacks come in the form of increased lateral movement through an infected client to disable as many machines as possible, spear phishing and more.

2. Clients Are Not Actively Prepared To Face a Ransomware Attack

The work-from-home (WFH) and hybrid models have given way to more distractions, resulting in less focus on safety protocols and poor IT visibility, as well as the rise in the adoption of Shadow IT. Undoubtedly, poorly prepared corporate servers face high potential risks as remote employees connect from less secure networks.

3. MSP and MSSP Partnerships Are on the Rise

MSP organizations are increasingly partnering with managed security services providers (MSSPs). The concern over cybersecurity plays a key factor for this growing partnership since MSSPs provide expertise on tactical threat hunting, monitoring and analysis, enabling internal security teams to focus on more strategic security projects.

Concerns Over Ransomware

While most MSPs are concerned about the threat of ransomware, 43% indicate that they are very concerned. However, unlike MSPs, clients do not share the same level of concern. Although clients are aware of the threat ransomware poses, only 25% of them are very concerned about it. This gap in concern between MSPs and clients makes for an unpredictable ransomware landscape.

Causes of Ransomware

Phishing, lack of security awareness and compromised credentials are the leading causes of ransomware. Preventing these attacks demands a comprehensive, layered defense. However, many MSPs fall short of ideating a defense plan due to a poor IT budget and a lack of executive buy-in. It appears the current MSP infrastructure is not in a position to combat advanced cybersecurity attacks, especially those caused by social engineering.

Ransomware Targets

A staggering 41% of ransomware attacks are targeted towards Windows 10 while another 37% target various versions of Windows Server OS. That said, nearly 1 in 10 attacks targeted an OS other than Windows, such as macOS and Linux. Traditional targets are being replaced by unconventional ones like clients’ SaaS applications and mobile devices. Nearly three-quarters of respondents indicated that SaaS applications have been targeted, of which 30% of attacks observed were against Microsoft 365, 10.55% against Google Workplace and 5% against Salesforce. MSPs also noted that Android devices are targeted three times more than iOS devices.

Ransomware Prevention and Recovery

About 70% of MSPs deploy multiple layers of defense (combination of end-user training, immutable off-site backups and file system monitoring), with backup serving as the last line of defense. Therefore, there is a strong emphasis on the ability of the service provider to recover clean data after clients get hit by ransomware. MSPs are partnering with MSSPs to offer clients improved security, meet compliance requirements and additional cybersecurity expertise.

Consequences of Ransomware

Even with all the preparedness, attackers can slip through the cracks and wreak havoc before a successful recovery can take place. Data loss and downtime are the most widely reported consequence of a ransomware attack. The average downtime an organization faces after a ransomware attack is 21 days, which causes a ripple effect that disrupts client business in more ways than one.

Future of Ransomware

The rise in hybrid work environments and the advent of new technologies like 5G and IoT will shape the future of ransomware. It’s no surprise that 84% of MSPs expect ransomware to worsen or remain the same. In other words, the future holds many challenges for MSPs, but at the same time, opportunities as well. In the end, it all depends on how MSPs leverage the situation.

For more detailed insights on the current state of ransomware and what the future looks like, get your free copy of the report.