How MSP-Managed Endpoints Can Deal With Ransomware
How can an MSP provide critical cyber and cloud security that will satisfy IT pros and end users while effectively thwarting ransomware? This article lays out critical endpoint security trends in the market, illustrates how MSP-managed endpoints can deal with ransomware, and provides insight into the state of ransomware in the channel.
The common denominator among ransomware experts in dealing with this scourge at the endpoint seems to be increasing the level of training of enterprise personnel. The untrained worker is the most likely point of entry for ransomware at the endpoint, according to informed cybersecurity experts.
“In our experience, the leading cause of ransomware infection is due to the uneducated employee,” says Eric Dowsland, CISSP and director of managed security services, CipherTechs, which delivers security solutions for businesses. “Without strong cybersecurity awareness, your employees won’t have the skills to identify phishing emails and spoofed websites, which host the compromised malware which cause this attack.”
Ransomware essentially takes control of an end user’s machine by encrypting everything on it, which makes the machine nearly impossible to use, and any data on the device is held hostage until the ransom is paid. But where does ransomware come from? The majority is from users clicking malicious links or downloads, according to C-level infosec experts. The number of drive-by attacks – or drive-by downloads – where the employee accesses a website that installs malware without her knowledge, however, has been cut drastically with modern security improvements.
“So now ransomware is revolving heavily around user interaction,” says Dustin Bolander, CIO, Clear Guidance Partners, provider of fractional CIO services and managed IT. “A lot of it comes in via email, whether as attachments or as a link to a site that prompts a download.”
In his opinion, user training is the No. 1 way to combat ransomware, by putting a valid sense of fear into people so they think before they click. But that’s only the first part; IT also needs to be very responsive when users call and ask if an emailed invoice is legitimate or not. “If they’re having to wait hours to find out, that decreases the likelihood that they will check in next time, defeating the purpose,” Bolander says.
Biggest Ransomware Challenges at the Endpoint
Ransomware and malware are constantly evolving and being modified by their creators to do a better job at attacking users as well as avoiding detection by security software. So how can MSP-managed endpoints deal with ransomware when one of the biggest challenges is keeping up with that cat-and-mouse game, in which one side develops new tech, the other gets around it, the first patches, and so on?
“We’ve seen so many ransomware families over the years – especially ones that encrypt files – show up out of nowhere and cause significant problems,” says Adam Kujawa, director of Malwarebytes Labs at Malwarebytes. “It’s most important to identify ransomware-like processes and kill them instead of trying to hunt and identify specific ransomware families.”
But also keep in mind that the motivation for ransomware is predominantly – if not exclusively – financial in nature. The goal is to …