Repeat Ransomware Attacks
“Not Again!” Businesses Paying Ransoms Still Suffer
It’s bad enough for a business to be attacked by ransomware a first time, but getting hit a second time…in a short period…even after paying the ransom – that’s the worst. According to Cybereason’s 2024 study, Ransomware: The True Cost to Business, not only are these attacks occurring at higher rates, but they’re getting more sophisticated and pervasive.
This article explores the study’s outcomes related to MSPs, the SMB clients you protect, and overall cybersecurity readiness. Keep reading to learn more about this growing threat vector and how to prepare your business continuity and disaster recovery (BCDR) services for a strong defense.
Table of Contents
What is Repeat Ransomware?
To understand repeat ransomware, you must first be aware of ransomware prevention. Ransomware is a type of malicious malware that encrypts the data on a personal computer, mobile device, or server, blocking access by the data’s owner. Attackers demand a ransom to decrypt the data and allow the owner to access their files. This is a best-case ransomware scenario.
In a worst-case scenario, bad actors may steal and distribute data before returning access to its owners. It could be modified or published on cyber black markets, leaving victims vulnerable to new cyber threats and potential attacks. Impacted customers may be burdened by individual victimization, identity theft, and exposure of their private information. The attacked business may face a multitude of consequences, including:
- Additional and higher ransom demands
- Litigation, depending on legal consequences
- Breach notification costs
- Operational chaos and business disruptions
- Permanent data loss or corruption
- Reputational damage
And that’s just after one attack. Repeat ransomware occurs when the same victim is attacked by ransomware again – often by the same perpetrators, but they could also be different. A second (or third or fourth) attack exasperates those consequences, putting the impacted businesses – both MSPs and their clients – in a position to lose revenue, customers, and potentially the entire company.
Repeat ransomware attacks can baffle the unaffected, but once the bad guys know you’ve left the door open once, they’re assuming you could leave it open again. Unfortunately, many businesses believe, “it won’t happen to me.” Even after it does, you may think, “Well, it can’t happen again,” but that’s precisely what the attackers are banking on, and they’re winning.
78% of Ransomware Victims Hit by Repeat Attacks
In the 2024 Study, Ransomware: The Cost to Business, over 1,000 IT professionals responsible for cybersecurity who were breached at least once in the last 24 months were surveyed. Asked about attack vectors, motivation, ransom payments, and the after-effects of paying up, the study was designed to learn from businesses that have been breached.
The report’s key findings help you show your MSPs value and sell BCDR services to SMB clients. Focusing on current studies, real-world examples, and the latest threat vectors, you can keep clients updated about the realities of ransomware, repeat ransomware, and accidental data deletion. Just as important, these findings also provide a fresh look at the expanding complexities of cybercriminals to inform MSP security strategies for clients and personal business protection.
“If I could have one wish for 2024, it would be that we stop calling ransomware by the same name. It fails to describe the true impact of an attack. What started as the simplest of notions – encrypting data and extorting money to return access to it – evolved into a complex ‘Swiss army knife,’ like the blended attacks back in the early 2000s.” – Greg Day, Global Field CISCO, VP Cybereason
Considering emerging and transformative AI technologies, the report highlights the impact of generative AI, which uses large language models (LLMs) to replicate human interactions with personalization for successful system infiltration. Armed with instant language translation, attacks are rising in non-English-language countries such as Italy, Germany, France, and Japan. Unfortunately, while many businesses have ransomware protections and are increasing cybersecurity spending, too many don’t feel confident surviving an attack due to the wrong people or ransomware disaster recovery plan.
Even worse, most attacked businesses pay ransoms, but just under half recover intact data. Surprisingly, most of those businesses are attacked a second time, shortly after the first, with a higher ransom demand. Here’s a deeper look into participant responses…
Key Repeat Ransomware Statistics
Attacks are evolving
- 56% of businesses failed to detect a breach for 3-12 months.
- 41% of attackers penetrated systems via a supply chain partner, 24% got in alone, and 22% had an insider’s help.
Re-think paying the ransom
- 84% of businesses paid the ransom, but only 47% got data and services back uncorrupted.
- 78% of ransomware victims who paid the ransom were hit by repeat ransomware, with 36% being hit by the same attackers.
Businesses aren’t prepared for repeat ransomware
- 87% of companies increased cybersecurity spending, but only 41% think they have the right people and plan to manage another attack.
- 37% of IT professionals say they have the right people but not the right plan, and 18% say they have the right plan but not the right people.
MSP Takeaways to Avoid Repeat Ransomware Attacks
Now that you see how prevalent repeat ransomware is for businesses, applying the findings to the channel is beneficial. The following five takeaways give MSPs the following steps and examples of the solutions required to not only avoid a first attack but never have to worry about repeat ransomware again.
#1: Keep techs happy to retain talent
The worldwide tech skills gap has been an enduring challenge for years, with an estimated 4 million professionals needed to fill the cybersecurity gap alone. The shortage makes it difficult for MSPs to find accomplished technicians and poses a cybersecurity threat to you and your clients. Seventy percent of businesses say fewer labor resources have resulted in additional risks and more breaches.
Beyond the standard job offerings like pay and benefits, technicians want to work with products that work. Technicians can’t do their job if they constantly battle slow, complicated, and error-prone BDR solutions that fail to meet client expectations. The 4 reasons MSP technicians love Axcient BCDR are the reliability, ease of use, speed, and support of Axcient solutions. Ensure that you’re helping technicians help you with regular technology assessments to identify solution vulnerabilities and explore the market to see what your MSP could be missing.
>> Learn More: The Landscape of Ransomware Solutions: An In-Depth Guide for IT and MSP Decision Makers
#2: Upgrade from legacy to modern innovation
Amateurs backup. Professionals recover. MSPs can level up from backup to business continuity by protecting everything with flexible deployment options that invite agility through automation and modern technologies. Leveraging the elite proprietary innovations embedded in Axcient x360Recover, MSPs instantaneously advance to a comprehensive, security-first approach to data protection and restoration.
Too many MSPs are complicit in allowing vendor sprawl and status-quo products to take over their stacks, resulting in high spending and low performance. In fact, according to the report, 87% of IT professionals increased cybersecurity spending in the last year, but only 41% feel ready to manage the next attack. This scenario invites a repeat ransomware incident and poses a constant risk to your MSP’s profits, clients, and competitive edge in the channel. Not surprisingly, participants report their highest investments in cybersecurity talent, awareness training, and new tech (e.g., endpoint tech and identity services).
The difference between completing these tasks and gaining value from them is significant to controlling spending, allocating resources, and continuing to drive revenue—all while fully protecting clients. Be thoughtful and deliberate in solution and vendor selection to lower the risk of ransomware and repeat ransomware with the one-two punch for cyber threat offense and defense.
>> Learn More: 6 BCDR Must-Haves for Meeting Most Use Cases with 1 Solution
#3: Know your cyber liability insurance policy
Cyber liability insurance, also known as cyber insurance, helps businesses cover financial loss due to cyberattacks or data breaches involving sensitive information. While some MSPs believe they are covered following a ransomware attack, that may differ depending on individual policies and plans. This is why MSPS must understand coverage and limits so you can reinforce them with additional protections, like a robust BCDR solution and dedicated MSP-only vendor.
To meet and maintain cyber insurance requirements for MSPs, you must demonstrate the use of today’s best practices, including leveraging automation, testing protected systems, and providing proof of backup health and recovery capabilities. These high standards force MSPs to better protect a more extensive and deeper attack surface and can provide significant support following an incident.
However, not all plans are the same, and ransomware protection, recovery support, and financial backing may not be part of your policy – especially for repeat ransomware. Ensure your policy’s opportunities and limits are outlined in your disaster recovery plan so you can react accordingly and confidently using support you trust.
>> Learn More: The MSP Cyber Insurance Guide
#4: Complete regular DR planning and testing
Disaster recovery planning and testing are critical for proving DR readiness to MSP clients, cyber insurers, compliance and industry regulators, and yourself. Despite the importance of oversight and proof of performance, many BDR products lack the capacity for fast, easy, and efficient testing. Rapid virtualization, DR self-management, and pre-configured runbooks specific to client environments are crucial for running regular tests that put your DR plan to the test.
Axcient x360Recover provides built-in runbooks with Virtual Office. This cloud failover feature lets MSPs self-start VMs in the Axcient Cloud of one or more protected devices to temporarily replace all impacted production infrastructure. Individually managing recovery gives MSPs flexibility, optimization opportunities, and peace of mind that their clients’ businesses will always be on and recoverable. Test, generate results, and share them with stakeholders to continually reinforce trust in your MSP, providing hard evidence of secure systems and proactive protections to prevent ransomware and other data loss events.
>> Learn More: The MSP Playbook for Best Practices in Disaster Recovery Planning and Testing
#5: Don’t pay the ransom
Paying the ransom doesn’t ensure recoverable data, data that hasn’t already been shared on the dark web, or that it won’t happen again – and soon. Remember, you’re dealing with cyber criminals, so you can’t trust them. Beyond that, paying the ransom, which averages $1.4 million in the U.S., can leave many businesses struggling to keep their doors open. Instead of paying the ransom, proactively protect your MSP with a robust, tested, and regularly updated disaster recovery plan.
Starting with the disaster recovery solution, MSPs should choose a dedicated, MSP-only vendor that prioritizes channel-specific pain points, product development, and cybersecurity updates. Partner with a vendor and solution that offers always-on automation to defend clients from ever having to consider paying a ransom. Axcient’s proprietary Chain-Free backups enable immutable data with AirGap, which has been proven to protect SMBs from ransomware and repeat ransomware attacks.
AirGap is your last line of defense against cyber threats. This always-on and always-included feature automatically separates data deletion requests from the mechanics of deletion. Even after a bad actor believes they’ve successfully encrypted or deleted data, it can always be recovered from the safety archive, where it is stored, protected, and ready for near-instant recovery. There is no need to negotiate or entertain hackers ever again.
>> Learn More: The Ransomware Recovery Guide for MSPs
Next Steps to Stopping Repeat Ransomware
Utilize the free, MSP-specific resources linked above to test ransomware preparedness within your MSP. See how automation enables hands-free, labor-saving productivity and recovery following a disaster recovery scenario. Alongside your MSP’s disaster recovery or incident response (IR) plan, run practice drills, table reads, and mock events to test, optimize, and ensure rapid recovery for uninterrupted business continuity.
If you’re unsatisfied with what you discover, explore the market, see what you may be missing, and consider the role of your vendor in facilitating or preventing cybersecurity challenges like repeat ransomware attacks leading to ransomware payments. Consider revisiting your plans and develop a rock-solid DR plan technical plan template and DR plan SLA template so you can standardize your offering with your clients. You can also review your full cybersecurity posture with the 5 Critical Pieces of a Good MSP Security Playbook, or take a deeper look at Axcient x360Recover’s ransomware protections:
Author
Related posts
How well could you sleep with reliable cloud-based backups and recovery?
Take a deep dive into Axcient’s proprietary, automated security features to see how we’re ensuring uninterrupted business continuity — no matter what:
