What MSPs Should Know about Crypto Ransomware

With crypto ransomware making headlines, many clients of MSPs are understandably concerned that ransomware attacks might disrupt their business operations and potentially cost them thousands of dollars. To help MSPs gain perspective on this growing threat, we offer the following comments, excerpted from a conversation with Hal Lonas, chief technology officer at Webroot:

On the evolution of crypto ransomware …

“In the early days of CryptoLocker, back in September 2013, we were very good at detecting and/or remediating the impact of crypto ransomware. At that time, it was quite rare, but we’ve watched it advance steadily in both sophistication and impact. Now, we have an in-house team focused on keeping our efficacy against crypto ransomware as high as possible, and we closely monitor any successful intrusions against our defenses.

“Crypto ransomware is now at the ransomware-as-a-service stage, where any cybercriminal can get their hands on encrypting ransomware variants and set up shop in the extortion business. Its prevalence is widespread, and it’s getting more difficult to stop.”

On what MSPs can do to protect their customers from crypto ransomware …

“While having a highly effective endpoint antivirus/antimalware solution in place is absolutely essential, there are a number of other mitigation strategies that are equally important. Some of these involve Windows system settings, email server settings and restricting certain rights, but the best way to protect customers is to have both a great endpoint security product and solid backup and recovery procedures.

“Businesses need a backup solution for disaster recovery and business continuity, but with crypto ransomware attacks, it’s more important than ever that the backup be secure. Even when an organization pays the ransom, there’s no guarantee they’ll get their data back easily or intact–and they may be targeted continually afterward as an easy mark.”

On antivirus products being 100% effective against crypto ransomware …

“I would love to say Webroot is, or even privately name a competitor, but the truth is that I don’t know of any. I do know an endpoint security solution that is effective in most cases, from an organization that is focused on making it 100% effective all of the time, and I’m proud to say that it’s Webroot. I honestly believe we are best placed to minimize the impact for both our services partners and customers. Unfortunately, the nature of our business means there are no 100% guarantees on effectiveness.

“The fact is that no matter how proactive and effective you are today, attackers have the advantage and can test your defenses from a variety of threat vectors. That’s why security has always been about different layers and mitigation approaches. To mitigate crypto ransomware, you need more in-depth defenses.”

More to Come

MSPs can help protect their clients against ransomware by educating themselves on the threat and implementing the optimal technologies and policies to fight it. In our next blog post, we’ll discuss the top best practices that MSPs should follow to safeguard their clients from ransomware.

Want to find out if Webroot has what it takes to protect your customers? See for yourself with a no-risk FREE trial. You don’t even have to uninstall existing security.

Want to learn more about how Webroot partners with MSPs to delight customers, lower costs and boost profits? Learn more.

Guest blogs such as this one are published monthly and are part of The VAR Guy’s annual platinum sponsorship.