For managed service providers, 2019 may be remembered as the year when ransomware attacks surged.
The number of ransomware attacks detected at businesses jumped 365% between mid-2018 and mid-2019, even as fewer attacks on consumers were detected, according to Malwarebytes.
MSPs and their clients are caught in the storm. A 2019 survey from Datto shows:
- 4 in 5 MSPs say their businesses are increasingly targeted by ransomware
- 56% of MSPs reported attacks on clients in the first half of 2019 and 15% reported multiple attacks in a single day
The trend is clear – attackers want fewer targets, more infected systems, and bigger ransoms – and service providers fit the profile.
Why Attack Service Providers?
Providers of cloud, data, and IT services are an attractive target for the online extortion racket.
Many providers – especially MSPs – have unfettered access to their clients’ systems. Others, such as hosting providers, manage services that are critical to their clients.
A breach at a single provider can cripple the operations of dozens, even hundreds, of companies that depend on it (examples below).
This puts enormous pressure on a provider after a ransomware attack. Not only are they grappling with an attack on their systems, but they are also grappling with angry clients who demand an answer.
Unfortunately, the fastest, easiest, and often cheapest solution is to pay the ransom. This further emboldens the criminals, fuels more attacks, and reaffirms that service providers are a profitable target.
The result: a growing number of ransomware attacks on service providers and their clients.
Recent Attacks on MSPs
Here is a sampling of recent ransomware attacks that targeted managed service providers and their clients.
Health IT MSP Hit
More than 100 nursing homes and acute care centers lost access to medical records and other systems last month after a ransomware attack hit their IT service provider in Wisconsin, according to Krebs on Security.
The attack hit many of the service provider’s core offerings, such as internet, email, patient records, billing and phone systems.
MSP Forced to Close
Dozens of dental clinics in the Pacific Northwest were infected with ransomware in July after their MSP was attacked.
The MSP, presumably overwhelmed by the size of the attack, stopped answering clients’ calls and closed the business three weeks later.
RMM Tool Breached
In August, attackers breach the remote monitoring and management (RMM) tool of an MSP in Texas, resulting in ransomware infections in the government offices of 22 Texas municipalities.
This attack fits another trend, the growing number of ransomware attacks against state and local governments.
IT Automation Tool Targeted
ConnectWise tweeted a warning to customers last month about an on-going effort by attackers to target on-premise versions of ConnectWise Automate for use in deploying ransomware.
Attacks on Cloud and Data Services
MSPs are not the only companies with access to data and systems that are critical to clients.
Other service providers – such as cloud hosting and data services – are suffering a growing number of attacks, too.
Large Data Center Hit
Last week, a ransomware attack at CyrusOne, a major data-center provider, impacted six of its managed services customers, including the financial firm FIA TECH, according to ZDNet.
Dental Data Backup Attacked
Approximately 400 dental practices had files encrypted in August as the result of a ransomware attack on their remote data backup service, PerCSoft, according to Krebs on Security.
Cloud Hosting Targeted
A ransomware attack last month hit SmarterASP.NET, an ASP.NET hosting provider with more than 440,000 customers, according to ZDNet. The attack encrypted systems owned by the provider and customer databases.
In July, another attack hit iNSYNQ, a cloud provider of virtual desktops, in which roughly 50% of its customers, many of them accountants, had data encrypted.