Will Ransomware Force You to Fire Your Customers?

Ransomware’s effect on IT service providers can be just as damaging as its effect on the businesses hit.

The imminent danger of ransomware is real.  Even those that don’t typically follow or cover tech news have probably heard of it and are rightfully concerned. In 2016, ransomware surpassed $1 billion in ransoms collected and inflicted $70 billion in downtime losses.  In fact, 7 out of 10 executives said they’ve been willing to pay up to get company data back (according to a recent IBM survey).

Sadly, 2017 is projected to be even worse. However, most SMBs need experts to lead them to safety.

Enter the IT pro.

IT professionals have a unique relationship with the businesses they serve. On one hand, IT pros are the only ones that can solve their problems, the expert savior. On the other, they may come across as a used car salesman despite their best efforts to put the customers’ needs first.

Ransomware not only impacts the infected customer, but it also imposes a heavy tax on the MSPs that serve them. That’s why MSPs should re-evaluate their role with their clients and mandate certain data protection processes or risk their own financial well-being.

Here’s why:

  1. You can’t afford to spend limited resources on avoidable situations
  2. Everyone loses in an ‘I told you so’ moment
  3. You have more than one business to maintain

You can’t afford to spend limited resources on avoidable situations

When it comes to ransomware, a poorly designed or maintained disaster recovery (DR) solution can force IT professionals to spend collective man-weeks instead of mere hours to resolve the problem.  In some cases, organizations may not be able to even recover their data at all.

Here’s a real-life example.

In the first week of December 2016, we had a partner (let’s call them “ACME Solutions”) that had two different customers (A and B) hit with ransomware within the same week. Customer A did not have a DR solution at all, but did have some network backups. Customer B had recently deployed our DR as a Service (DRaaS) solution.


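| Customer | Systems Impacted | DR Solution | Man-Hours Involved |
|----------|------------------|-------------|--------------------|
| A | Fileserver, database server | Traditional backup | 1,000 |
| B | Fileserver, database server | DRaaS | 3 |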


Customer A’s fileserver, database server, and network backups were all infected. Within three days, a partial recovery of the fileserver was complete. Within seven days the database server was still offline and still unrecoverable. By day 10, less than 50% of the database was recovered. ACME had two techs, a service manager, an account rep, and even their President engaged in the recovery of the data and the customer relationship. That’s five people spanning five departments for over a week.

Customer B’s fileserver and database server were infected. Within a matter of hours, a single technician recovered all the data and had the business back up and running. Let’s round it to three man-hours total, one person, one department.

Everyone loses in an “I told you so” moment

IT professionals understand that they’re responsible for all things IT—even when their clients don’t always heed their guidance. The situation with Customer A consumed ACME’s resources from sales, the technical team and executive-level management. Even if ACME charged for every hour, which they certainly could not, they would have clearly lost money. In fact, it will probably take another year of service to break even with Customer A, assuming they remain customers after the ransomware episode.

Beyond that, there’s also the word-of-mouth problem.  Will Customer A be a raving fan of ACME? Doubtful.  It’s unlikely Customer A will be tossing any referrals their way any time soon (even if they knew that they shared in some of the responsibility).

You have more than one business to maintain

Many IT service companies have 20-50 active customers at any given time. In the case of ACME, they had 2 different businesses struck with ransomware simultaneously. Imagine the impact if both customers were set up like Customer A. This is what we call kicking a man when he’s down.

By the numbers, more than 50% of all businesses in the US have already been targeted by ransomware. And being targeted once doesn’t mean you won’t be targeted again. What if half of your customers were hit with ransomware in the same 6 months? Same month?

It’s time for a rethink. It’s time to mandate that clients adopt DRaaS as part of their monthly subscription.

Each customer should be set up so they can quickly fail over systems and recover data in the event of a server outage or ransomware infection. If all customers are configured like Customer B, partners and their clients can sleep at night. If all customers are set up like Customer A, how deep in the red is ACME willing to go before needing to downsize?

Ransomware doesn’t have to be scary

When organizations have an adequate backup and DR solution in place, everyone wins.

Cloud-based DRaaS solutions have come a long way in the last year in terms of functionality and affordability – in fact, cloud failover solutions are now affordable for most organizations.
The economics dictate that IT professionals take a hard look at their client portfolio. They can’t afford to have ransomware-susceptible customers risk their own financial future.  It’s time for tough love.  It’s time for IT pros to fish or cut bait — and this just might mean firing a few customers who are unwilling to adopt DR best practices.

There’s just too much at stake.
