MSP Ransomware Attacks Explode in 2019

msp ransomware attacksFor managed service providers, 2019 may be remembered as the year when ransomware attacks surged.

The number of ransomware attacks detected at businesses jumped 365% between mid-2018 and mid-2019, even as fewer attacks on consumers were detected, according to Malwarebytes.

MSPs and their clients are caught in the storm. A 2019 survey from Datto shows:

  • 4 in 5 MSPs say their businesses are increasingly targeted by ransomware
  • 56% of MSPs reported attacks on clients in the first half of 2019 and 15% reported multiple attacks in a single day

The trend is clear – attackers want fewer targets, more infected systems, and bigger ransoms – and service providers fit the profile.

msp ransomware targetedWhy Attack Service Providers?

Providers of cloud, data, and IT services are an attractive target for the online extortion racket.

Many providers – especially MSPs – have unfettered access to their clients’ systems. Others, such as hosting providers, manage services that are critical to their clients.

A breach at a single provider can cripple the operations of dozens, even hundreds, of companies that depend on it (examples below).

This puts enormous pressure on a provider after a ransomware attack. Not only are they grappling with an attack on their systems, but they are also grappling with angry clients who demand an answer.

Unfortunately, the fastest, easiest, and often cheapest solution is to pay the ransom. This further emboldens the criminals, fuels more attacks, and reaffirms that service providers are a profitable target.

The result: a growing number of ransomware attacks on service providers and their clients.

Recent Attacks on MSPs

Here is a sampling of recent ransomware attacks that targeted managed service providers and their clients.

Health IT MSP Hit

More than 100 nursing homes and acute care centers lost access to medical records and other systems last month after a ransomware attack hit their IT service provider in Wisconsin, according to Krebs on Security.

The attack hit many of the service provider’s core offerings, such as internet, email, patient records, billing and phone systems.

MSP Forced to Close

Dozens of dental clinics in the Pacific Northwest were infected with ransomware in July after their MSP was attacked.

The MSP, presumably overwhelmed by the size of the attack, stopped answering clients’ calls and closed the business three weeks later.

RMM Tool Breached

In August, attackers breach the remote monitoring and management (RMM) tool of an MSP in Texas, resulting in ransomware infections in the government offices of 22 Texas municipalities.

This attack fits another trend, the growing number of ransomware attacks against state and local governments.

IT Automation Tool Targeted

ConnectWise tweeted a warning to customers last month about an on-going effort by attackers to target on-premise versions of ConnectWise Automate for use in deploying ransomware.

Attacks on Cloud and Data Services

MSPs are not the only companies with access to data and systems that are critical to clients.

Other service providers – such as cloud hosting and data services – are suffering a growing number of attacks, too.

Large Data Center Hit

Last week, a ransomware attack at CyrusOne, a major data-center provider, impacted six of its managed services customers, including the financial firm FIA TECH, according to ZDNet.

Dental Data Backup Attacked

Approximately 400 dental practices had files encrypted in August as the result of a ransomware attack on their remote data backup service, PerCSoft, according to Krebs on Security.

Cloud Hosting Targeted

A ransomware attack last month hit SmarterASP.NET, an ASP.NET hosting provider with more than 440,000 customers, according to ZDNet. The attack encrypted systems owned by the provider and customer databases.

In July, another attack hit iNSYNQ, a cloud provider of virtual desktops, in which roughly 50% of its customers, many of them accountants, had data encrypted.


Related Resources

Ransomware Attacks Grow More Targeted & Dangerous

Hacker Group Targeting IT Providers and Customers

BlueKeep: Severe Vulnerability in Windows RDP

Written by Calyptix

 - December 9, 2019

About Us

Calyptix Security helps small and medium offices secure their networks so they can raise profits, protect investments, and control technology. Our customers do not waste time with security products designed for large enterprises. Instead, we make it easy for SMBs to protect and manage networks of up to 350 users.
call us
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram