What Happens When MSPs Get Hit with Ransomware?

Greg Edwards

The “worst-case” scenario is no longer unexpected in the channel. MSPs are increasingly on the receiving end of the cybersecurity attacks that they spend so much time and money trying to stop for their clients. With so many variables (human error is at the top of that list) and possible entry points for cybercriminals and their wares, just one simple mistake or lapse in judgment can literally destroy your reputation. A successful ransomware attack could decimate your business.

Some may suggest that statement is an over-dramatization of the problem. However, over the past few years, ransomware attacks on MSPs have been escalating. Cybercriminals target anyone with an email address and/or an internet connection, sometimes taking the “shotgun approach” to spread malware and inflict maximum collateral damage.

Just this week, on the heels of its attack on the Colonial Pipeline, the hacker group Darkside hit three other U.S.-based companies, including a “technology services reseller based in Illinois.” More than 600 gigabytes of sensitive data, including passwords, financial information, personnel files, and employee passports, were involved in the incident.

IT Services Firms are Prime Targets

Unfortunately, unlike most other businesses, MSPs hold the keys to many other organizations’ systems and data – a major win for any ransomware purveyor whose wares manage to break through the defenses. IT services firms represent the motherlode of targets for cybercriminals today. With an estimated 20,000-40,000 MSPs in the U.S. alone, and the average provider supporting 122 clients, per a recent Datto report, the potential revenue opportunities for ransomware purveyors are too big to overlook.

MSPs should be preparing for an escalation of attacks as cybercriminals begin honing their targets. Hacking groups appear to be shifting away from the scattered approach and going after companies with deeper pockets (e.g., the Colonial Pipeline, Apple, Microsoft).

That’s not to suggest that your SMB clients can relax; as long as these individuals and syndicates are making money, they will surely continue attacking anyone and everyone with reckless abandon. Profit motives will continue to drive the tactics of the cybercriminal community.

The Biggest Risk Factors for MSPs

On the supply side of IT security lapses, providers have to address a number of real and potential concerns. From all the people involved in their services delivery and management pipeline, including vendors, clients, and other partners, to the vulnerabilities associated with networks and various technologies, MSPs have to pay close attention to all of it. Effective policies and top-notch monitoring and management tools are a must.

Even with those basics in place, it only takes one slip to get hit with a ransomware attack. Cybercriminals are getting more creative with their tactics and employing the same innovations as their rivals, including machine learning and artificial intelligence. Email security solutions cannot possibly recognize and stop every potential new attack method without slowing message delivery and compromising productivity.    

Then there’s the human element. People remain the number one risk factor or failure point of cybersecurity. According to the newly released 2021 Verizon Data Breach Investigations Report, 85% of the past year’s incidents involved a human element. Whether an unsuspecting person errantly opens a suspect website or a careless employee downloads a file from a suspicious-looking email, those simple actions can easily upend the best-designed defenses.

Many ransomware attacks begin with one simple but disastrous mistake. Cybersecurity awareness training is a business essential that MSPs should promote, provide, and whenever possible, make mandatory − for clients and staff members. However, even the smartest and most educated employees can still slip when worn down or having a bad day.

Everyone has that occasional momentary lapse in judgment. End-users can fail to spot a spelling error in a greeting or altered email address and forward the message to others or click on a link or attachment that opens the door to a ransomware attack.  

The Consequences for MSPs Can Be Devastating

While cybersecurity incidents can be extremely detrimental to any business, a similar assault on an IT services firm has the potential to derail multiple networks and affect scores of workers. The cascading effect as ransomware attacks various clients’ workstations is stressful and demoralizing to MSPs and their employees, not to mention devastating to the business.

After all, business leaders look to your team for cybersecurity expertise and knowledge, and most people simply do not understand the risks or the complexity of modern-day attacks. They assume IT pros are invincible. Of course, that false assumption can cause real issues if an MSP does end up in the crosshairs of a cybercriminal. Combine that with the traditional “cobblers’ kids have no shoes” concerns − which refers to IT services pros spending so much time focused on clients’ security issues that they may overlook something important in their own business − and you can understand why ransomware attacks are on the rise.  

The damage to your business reputation is a primary consequence. If the local, or possibly worse, the national news outlets get ahold of the story, it will be very hard to put that “genie” back in the bottle. Many MSPs have suffered that fate over the past few years, and the struggle to recover can be exponentially harder for those firms than for those that evade the media’s attention.

The time and effort to recover data and operations for numerous businesses is another big problem. MSPs have to restore their own systems as well as those of all their affected clients, which is no easy task amidst a ransomware attack. That task may be almost as challenging as changing a flat tire on a moving vehicle. Unless you can enlist an army of other tech professionals to lend a hand, as has been the case with a few MSPs involved with supportive peer group communities, that undertaking is overwhelming and costly.

The Solution

The reality of the situation is that no one is immune from cybercrime, even MSPs, so it is critical to emphasize the importance of implementing industry best practices and policies. Even then, no system is invulnerable. Show your clients the steps you take to fortify your defenses. Demonstrate the “eat your own dogfood” approach, emphasizing how the tools you recommend for securing their business also protect your systems.

Quality defenses are essential. In many cases, those protections may even be industry- or government-mandated, but nothing you do can possibly be foolproof. As long as people are involved, there is room for human error. With cybercriminals employing even more creative social engineering tricks, it gets easier to lure people into their traps. Even the savviest IT pros can slip up.

No one is infallible. Let your clients know that your internal cybersecurity standards are extremely high, but even the best-designed and properly maintained systems are not foolproof. Also, remind them that data protection is a constantly moving target, requiring different tools and new investments each year.

For example, you should consider adding a solution that automatically detects and stops actively running ransomware attacks. Partnering with CryptoStopper is a great way to strengthen your internal and client-side defenses in 2021. Our ransomware protection continually monitors for nefarious encryption activity and includes self-healing elements and offline alerts to ensure your networks (and those of your clients) are always protected.

Adding defensive layers is critical today. The best way to avoid having those uncomfortable discussions with clients is not to be the “low hanging fruit” when it comes to vulnerabilities. Do whatever you can to make it harder for cybercriminals to succeed with ransomware attacks.

 
