https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

From the Industry


Getty Images

Sponsor Content

reading ransomware digital computer screen magnifying glass 3D Illustration

Everything MSPs and MSSPs Need to Know about Ransomware

  • Written by Sophos Guest Blogger
  • December 2, 2019
MSPs and MSSPs need to understand the ways in which their customers—and they themselves--are at risk.

The 30th anniversary of ransomware is coming up in December, and it’s safe to say ransomware has come a long way from the first 1989 attack that was spread by floppy disks delivered via snail mail.

The modern era of ransomware really began in 2013 with CryptoLocker, which was the first ransomware to spread through compromised websites and emails. Ransomware has continued evolving since then, up until targeted large-scale attacks like SamSam and Ryuk became common in 2018. This year, as we found in our 2020 Threat Report, we’ve seen attackers raise the stakes even more by changing or adding traits to confuse anti-ransomware protection.

Ransomware attacks are increasingly aggressive and devastating, and MSPs and MSSPs need to understand the ways in which they themselves are at risk. Cybercriminals are infecting MSPs and MSSPs with the goal of reaching their customers’ systems in turn. Responding to an attack is costly, whether you’re spending time finding ways to decrypt files yourself or shelling out money for a ransom. Either way, ransomware attacks can result in lost business productivity and potentially business-threatening downtime, and there’s more MSPs and MSSPs could be doing to guard against these threats.

Let’s take a closer look at today’s ransomware landscape and how MSPs and MSSPs can help organizations stay protected.

How Ransomware Attacks Start

There are a few common techniques used among attackers, including three ways ransomware attacks tend to start. Attackers might send malicious phishing emails that look legitimate, but are designed to get the target to open or download an attachment. By opening those attachments, ranging from Word documents with macros to JavaScript files disguised as .txt files, victims unwittingly install the ransomware on their systems.

Another common way to get infected is through poisoned websites–legitimate websites that have been infected with an exploit kit. Users might hover over an ad or click on something that looks innocent. In some cases, just visiting the page is enough to accidentally install ransomware on the computer and run it.

A third technique, often used to infiltrate MSP and MSSP networks, involves exploiting Remote Desktop Protocol (RDP) and other remote access holes. Each computer running RDP is a potential gateway into an organization’s internal network–and they’re often protected by nothing more than a username and password. Attackers have found great success guessing individual passwords, sometimes by brute force, to gain access to corporate networks and conduct ransomware attacks.

How Ransomware Attacks Unfold

After the initial exposure, there are two ways ransomware attacks typically unfold: what we call “fire and forget,” or targeted ransomware.

Fire and forget attacks aim for a high volume of smaller ransoms. Cybercriminals launch an attack aimed at a number of organizations, and they use automated techniques to try to infect as many computers as possible. Here’s how this might play out: After using a malicious email or compromised website to gain entry, attackers download ransomware that encrypts files and deliver a ransom note demanding payment to decrypt those files.

Targeted ransomware, on the other hand, focuses on one victim at a time, but demands much higher ransom fees. These manual attacks tend to gain access to a network through RDP or malware. They then move laterally through the network, escalating their privileges to administrator, spreading ransomware that encrypts files, and ultimately demanding a ransom.

How to Stay Protected

It should come as no surprise that ransomware attacks can be incredibly costly for MSPs and MSSPs. In fact, an MSP recently paid $150,000 to hackers to recover data after a ransomware attack that spread out to their end-customer systems. Trying to avoid downtime and data loss requires a proactive approach with advanced protection at every stage of an attack, from network protection to securing endpoints.

Having effective security products isn’t all it takes, however. Educating employees about ransomware and the phishing techniques commonly used to launch attacks can help stem attacks at their access point. For MSPs and MSSPs, this means both educating your employees and providing resources for customer education.

To that end, here are a few security best practices to keep in mind.

  • Always be cautious about unsolicited email attachments, and don’t enable macros in attachments received via email. Open JavaScript (.JS) files in Notepad so you can scan the file contents for malicious code first.
  • Enable two-factor authentication.
  • Either implement Tamper Protection or lower user privileges from Admin on the local PC, to prevent the uninstallation of security services.
  • Apply patches early and often.
  • Use strong passwords and change them often. And as always, backup regularly and keep a backup file off-line and off-site.

Scott Barlow is VP Global MSP, Sophos.

 

This guest blog is part of a Channel Futures sponsorship.

Tags: MSPs Best Practices From the Industry Intelligence Security Sophos Sponsor Content

Most Recent


  • the software patching problem - solved
    The Software Patching Problem - Solved
    Organizations are struggling to keep up with the pace of software security patches and updates, making automation essential.
  • Making Waves
    7 Channel People Making Waves This Week at Pax8, Canalys, Microsoft, Splunk, More
    Over 100,000 unfilled jobs for IT professionals have been eliminated.
  • Collin Ellis at Zero Trust World 2023
    Zero Trust World 2023: A Deep Dive Into the Dark Web, ThreatLocker Gold Partner Awards
    Cybercriminals will steal data just to prove someone has bad security.
  • Statistics
    Post-TBI Acquisition, Partners Weigh the Future of AppDirect, TSDs
    "I work with the assumption that no company will be what they are today three years from now," a partner said.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • 5G
    5G: Revolution or Evolution?
  • M&A
    Why All MSPs Need to Understand the M&A Landscape
  • hurricane season
    4 Things MSPs Should Consider When Prepping for Hurricane Season
  • zero-trust
    The Benefits of Zero-Trust Security over VPNs

Upcoming Events

View all

Channel Partners Conference & Expo

May 1, 2023 - May 4, 2023

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Galleries

View all

7 Channel People Making Waves This Week at Pax8, Canalys, Microsoft, Splunk, More

February 3, 2023

Post-TBI Acquisition, Partners Weigh the Future of AppDirect, TSDs

February 3, 2023

Juniper Networks Shows ‘Swagger’ with Ambitious Growth Strategy

February 3, 2023

Industry Perspectives

View all

The Software Patching Problem – Solved

February 3, 2023

How to Break Through the Growth Ceiling

February 1, 2023

5 Things to Look for in a UC Partner

January 31, 2023

Webinars

View all

Next-Generation MSP Platform: The Building Blocks for Your Business

February 15, 2023

How To Boost Your Business With White-Label UCaaS

February 28, 2023

Security Secrets of the MSP 501: How to Be a Cyber Leader in 2023

December 15, 2022
  • 1

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode 117: Cato Networks, Video Killed the Podcast Stars

Retired Astronaut Capt. Scott Kelly Previews His CP Expo Keynote

December 21, 2022

Fusion Connect Eyes Future with Intrado UC, Managed Network Customers

September 23, 2022

RingCentral Focused on Hybrid Work, Microsoft Teams, Other Integrations

September 23, 2022

Twitter

ChannelFutures

Channel people making waves include: @RobTRae, @vasujakkal, @ReneeIMCloud, @garylsteele dlvr.it/ShvjQ3 https://t.co/yz09flzXvV

February 3, 2023
ChannelFutures

The slowdown in #publiccloud spending is real and it’s arrived at #AWSCloud and #GoogleCloud.… twitter.com/i/web/status/1…

February 3, 2023
ChannelFutures

#ZTW23: @ThreatLocker Gold Partners announced, deep dive into the dark web. dlvr.it/ShvFGF https://t.co/k68BfzLToq

February 3, 2023
ChannelFutures

Channel Partner Success Story: Forerunner Technologies - Learn how @NEC UNIVERGE BLUE Cloud Solutions enabled… twitter.com/i/web/status/1…

February 3, 2023
ChannelFutures

Partners and suppliers weighed in on the AppDirect-TBI acquisition and its implications for the channel.… twitter.com/i/web/status/1…

February 3, 2023
ChannelFutures

Read about @coxbusiness' acquisition of @Logicworks. dlvr.it/Shty4t https://t.co/3MaKai6SVr

February 3, 2023
ChannelFutures

Where in the world are the top MSPs?? Take a look at the infographic breakdown of 2022 #MSP501 winners by region >>… twitter.com/i/web/status/1…

February 3, 2023
ChannelFutures

.@SovosCompliance offers tips for how and when to revamp #partnerplans. dlvr.it/ShtDgv https://t.co/vPzajXnjee

February 3, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X