Stay one step ahead of ransomware attacks


Ransomware is on the rise. This form of malware is designed to encrypt a victim’s network data and hold it hostage until the requested ransom is paid. Over the past year alone, we’ve seen a steady stream of ransomware attacks in the news.

The University of California San Francisco racked up $1.14 million in recovery and mitigation costs. The Travelex ransomware attack cost $2.3 million in recovery. Garmin reportedly paid a multimillion-dollar ransom after its attack. And let’s not forget the recent Colonial Pipeline ransomware attack, which interrupted gasoline transportation from Texas to New York for a week and saw the company pay a $4.4 million ransom to the hackers.

But cybercriminals are not only targeting high-profile companies; they are attacking businesses of all sizes. The Beazley Group, a global specialist insurer, reported that ransomware grew by more than 130 percent in 2020. While ransomware has been around for a while, businesses are still falling victim to it. So how, as an MSP, can you make sure your customer isn’t the next to become a statistic?

To help you better protect your customers, here is a refresher on what you need to know about ransomware, along with key recommendations for defending against it.

How ransomware attacks work

Ransomware attacks are most commonly delivered through phishing emails. Once an employee clicks on the malicious link, the malware spreads through the network and infects devices with security vulnerabilities. Some attacks are designed to lie dormant in an environment and detonate at a later time in order to gain access to more devices, such as a backup server. In some cases, the encryption of files starts at the backup level, leaving companies no choice but to pay the ransom to get their data back.

The pandemic and the shift to a remote workforce in 2020 exacerbated the issue, as employees were all connecting to the corporate network via remote access technologies such as VPNs. If a distracted worker clicks on a link in a well-designed phishing campaign, the attack can easily travel through the remote access portal, gain access to the corporate network, and reach other open portals to infect other connected employees.

How can MSPs protect customers?

Perhaps one of the most important security measures an MSP must take is ensuring that software security vulnerabilities are patched promptly and regularly. But patch management is just one part of a multilayered approach to protecting customers from ransomware attacks. The other layers include:

    1. End-user security awareness training is very important. Phishing emails are on the rise. Make sure your customers’ end users can spot them in order to avoid unnecessary link-clicking and attachment opening from unknown senders.
    2. Know your customer network’s security posture. Security is an ongoing process and requires continuous assessment as security postures can change hourly. It could be a new security vulnerability discovered or a user removing antivirus due to perceived performance issues. MSPs should incorporate continuous security assessment to ensure their customers’ security stance is up to par.
    3. Multilayered security service that goes beyond antivirus. Ransomware is polymorphic in nature, and new variants will appear before antivirus software can identify them as malicious. It is important to include Advanced Threat Protection technology, email protection, network protection, and web protection on top of an antivirus to protect your customers from ransomware and spam emails that may contain malicious attachments or links.
    4. Test and verify your backups. Backup is one of those things that we set up and forget, but it’s important to periodically test and verify that it is working. It is also wise to keep a detached backup as a safeguard for the backup itself.
    5. Automation is key. To be successful in ensuring your customers are protected, you can’t rely solely on manual processes. You need to automate as much as possible to quickly address any anomalies, apply security patches, and, if disaster strikes, recover customers’ sites promptly to reduce the outage your customers experience.

Cybercriminals are becoming increasingly savvy with their ransomware attacks. Build a strong line of defense for your customers by being proactive, taking preventative measures, and promoting security awareness at all times. This is what makes the difference between successful attacks and thwarting them. It has made all the difference for other MSPs in being successful, and it can for you too.
