Ransomware Support Is Core Value Driver for MSSPs
… a Catch-22: to pay or not to pay an attacker’s ransom demands. Law enforcement continues to advise that organizations should never pay the ransom demanded to restore access to encrypted assets. But a growing number of cybersecurity practitioners have been forced to consider payments as a course of action to minimize financial loss and other damages.
The question of whether to pay a ransom to threat actors is foremost a business decision, which should be informed by conducting a cost-benefit analysis defined within an organization’s incident-response plan. But if an organization decides to explore the option of ransom payment, it will need the support of external response specialists. The reasons for this are threefold:
- Given the inherently nefarious nature of ransomware payments, regaining access to encrypted assets after paying ransom is never a guarantee. However, by having external analysts with visibility into illicit online communities investigate the threat actor behind the attack to assess their track record of reputability, teams can determine whether the actor is reasonably likely to uphold their part of the bargain.
- When it comes to negotiating with threat actors, experience and savviness can make all the difference. Having an external specialist who is well-versed in strategies for haggling with adversaries carry out the engagement on an organization’s behalf can ensure the best possible outcome while avoiding the substantial operational security risk posed by directly engagement.
- Acquiring the cryptocurrency needed to pay ransom at a moment’s notice is rarely feasible, and engaging in a direct transaction with a cybercriminal can have security ramifications for ransomware victims. The support of an experienced third party with access to cryptocurrency and the ability to ensure secure payment greatly reduces the risk posed by such transactions.
No organization wants to ever be in a position where it needs to call in to make a ransom payment to a cybercriminal. And by providing customers with the resources needed to implement proactive cyber defenses, you can greatly reduce their likelihood of finding themselves in such a predicament. Notwithstanding, by including threat-actor engagement and ransom-payment services as part of your comprehensive MSSP offering, you can provide your customers with the peace of mind of knowing that in a worst-case scenario, they’ll have expert support every step of the way.
A comprehensive strategy for addressing ransomware threats requires multiple components. First, organizations must have access to the tools and intelligence sources needed to adopt risk-based vulnerability management and other cybersecurity best practices that reduce the likelihood of an attack occurring in the first place. Second, organizations must implement education and response planning to ensure IT staff are prepared to act quickly and effectively in the event of a ransomware attack. Third, if it’s determined that paying a ransom is a necessary last resort, organizations need rapid access to cryptocurrency and the ability to pay the ransom securely.
These are daunting requirements for smaller or cash-strapped IT security teams to fulfill without external support. MSSPs have the power to help organizations address this predicament by partnering with vendors that offer the necessary resources for addressing these requirements and delivering those resources to customers as part of their subscription services.
By partnering with vendors that recognize the importance of approaching cybersecurity strategy from a nuanced, contextualized point of view that acknowledges how various situational factors determine the best course of action when responding to a ransomware attack, MSSPs can deliver enormous value to customers. Better yet, by bundling ransomware readiness and response capabilities with services that address other common IT-security capabilities gaps with a similar level of contextualized nuance, an MSSP can position itself as a comprehensive provider of solutions that empower customers to make smart decisions around risk and defend against the threats that matter most.
As senior director, head of worldwide channels and partnerships at Flashpoint, Ayesha Prakash leverages her extensive experience driving business development and marketing efforts in the IT sector to build Flashpoint’s global channel program. Follow her on Twitter @yoursocialnerd and @FlashpointIntel.