A ransomware attack can be absolutely devastating for any business, and MSPs are increasingly becoming targets. Responding to attacks can be time consuming and expensive, and yet MSPs are left with little choice once they’ve been targeted by cybercriminals. Getting ahead of ransomware attacks with proper planning and protection is the best way for MSPs to combat criminals and protect their customers’ data.
According to the Sophos 2020 Threat Report, cybercriminals are increasingly using MSPs’ remote monitoring and management (RMM) solutions against them. They do this by exploiting vulnerabilities in some of the most popular RMM solutions. Once a solution is breached, attackers typically have access to a large cache of data and can easily hold it hostage, while also distributing ransomware onto additional networks remotely.
The threat to MSPs has become so serious that the Homeland Security Department recently issued a warning about an ongoing campaign of attacks linked to the Chinese government. The Department has seen a strategic shift recently in the tactics of the APT10 threat group, sponsored by China’s Ministry of State Security, and MSPs have become a prime target.
One of the most important steps MSPs can take to combat attacks is to enable multi-factor authentication on their RMM and central management tools while also protecting all endpoints. Employees should also be educated about ransomware as well as phishing techniques that are commonly used in ransomware attacks.
According to Sophos, some of the key security practices MSPs can employ include applying software patches early and often, as well as using strong passwords that are changed regularly. Backing up data regularly as well as keeping backup files off-line and off-site are also important practices, along with being cautious about opening unsolicited email attachments.
Employees should also be advised not to enable macros from attachments received via email. JavaScript files should be opened in Notepad initially so that contents may be scanned for malicious code before launching. MSPs should also implement tamper protection measures, or lower user privileges, to prevent employees from accidentally uninstalling security services.
Ransomware attacks pose a major threat to MSPs, in the form of a giant price tag to either pay the ransom or try to recover data. Productivity losses after an attack can be devastating, not to mention the loss of customer data and goodwill that goes along with an attack. By being proactive about security measures and routine precautions and procedures, MSPs can get ahead of attackers and ensure their networks and customer data are properly protected.
To provide additional information about cyberattacks and security measures for MSPs, TMC is hosting its MSP Expo in Fort Lauderdale, FL from February 12-14. The event will offer information about technology, hacking threats and security measures MSPs can take to protect themselves and their customers.
Edited by
Maurice Nagle
