VARs taking the rap for ransomware attacks

Most feel they would be blamed if a customer is hit and carry out the repair work for free, research finds

Most VARs feel customers would hold them responsible for a ransomware attack, according to a survey by hosting provider Intermedia, which also found that resellers often pick up the pieces free of charge.

Fifty-nine per cent of VARs and MSPs feel they would be blamed in the event their client was hit, while 39 per cent said they do not bill their customers for ransomware recovery, Intermedia found.

Richard Walters, senior vice president of security products at Intermedia, told CRN that the onus is on resellers to raise awareness of ransomware and spread the word that signature-based protection techniques can be powerless against zero-day attacks.

"If you are providing email security services and one of your customers gets hit, they're not necessarily going to be that interested in a technical explanation as to why it's a zero-day variant and why none of the anti-virus vendors have provided a signature yet," he said. "The technical staff might understand, but at the end of the day, customers are going to feel you've let them down."

Walters added: "As long as we are relying on a signature-based, reactive approach, this is going to be a continuous arms race. The solution is proactive education; educating people that protection is fine but is never 100 per cent and that something will get through."

The average ransom demanded now stands at between $300 (£209) and $1,000, according to a recent report by InfoWorld.

But downtime stemming from ransomware can be a bigger cost than the ransom itself, Walters added, with Intermedia's research finding that one third of those infected lose access to their systems for five days or more.

Ransomware attacks are now increasingly being targeted at larger firms, Walters added, with 60 per cent of those hit having more than 100 staff and 25 per cent having over 1,000 staff.

"Ransomware is nothing new," he said. "It's been around since about 2005 but it typically infected consumers. Now we're seeing more sophisticated crypto-ransomware where it's encrypting files. We've also seen very recently malware that, once it's infected one machine, the ransomware includes code that looks across the network and tries to spread to other machines. In these larger organisations more and more machines are being infected and the attackers are now offering bulk discounts to clean up an entire organisation."

Walters added: "End-user customers are turning to partners for advice. It's that security awareness piece partners can help with and the ability to recover. There are solutions now that give you rapid roll-back to a set of files immediately prior to encryption."