Home Security
PC Matic
PC Matic VPN
More Products
Support Unlimited
Identity Theft Protection
PC Magnum
Threat Awareness
How PC Matic Protects You
SuperShield Whitelist
Compare PC Matic
Norton
McAfee
Avast
AVG
Business Protection
PC Matic Pro
PC Matic MSP
Solutions
Allowlisting
Script Enforcement
Device Control
Patch Management
Remote Tools
Integrations
Server Security
Learn More
Resellers
Affiliates
Resources
Case Studies
Compare PC Matic Pro
ThreatLocker
Airlock Digital
VMware Carbon Black
AppLocker
For Federal
Partner Programs
Managed Service Providers
Channel Partners
Affiliate Partners
OEM Partners
Resource Center
All Resources
Case Studies
Data Sheets
User Guides
White Papers
Blog Resources
PC Matic Blog
Business Security
Home Security
Cyber News
Scam Alerts
Customer Service
Home Support
Business Support
Learn More
Getting Started
Knowledgebase
Tech Support Scams
Fake Virus Scams
Tools & More
Ransomware Center
Internet Speed Test
PC Matic
About
Careers
Learn More
Industry Recognition
Leadership
Commercials
Stay Up-to-Date
Newsroom
Blog
Events
TechTalk Podcast
Home Customers
My Account
PC Matic App
Add a Device
Renew Subscription
Business Customers
Business Login
Business Support
Search

Hackers Demand Millions from MSP After Infecting Networks with Ransomware

MSP Falls Victim to Ransomware, Infecting Thousands of Customer Networks

An unknown hacking group recently targeted a U.S. managed service provider (MSP) with ransomware.  This led to thousands of their customers getting infected with malicious software, totaling approximately 2,000 different networks.  After the ransomware executed, hackers demanded over $2 million to restore the encrypted files.  Whether or not these demands were negotiated and paid, remains unknown.

However, for this particular MSP, the damages could be catastrophic.  First, the ransom demands alone are incredibly high and likely improbable for an MSP to acquire.  Second, managed service providers are paid to provide a service for their customers — in this case, it was managing their cyber security.  If you, as a customer, pay for a service and that service isn’t provided, it’s entirely likely and justified, that the consumer is angry.  This anger could lead to finding alternative MSP services elsewhere.  Therefore, this attack is not only against the MSP’s consumer networks, but the MSP’s livelihood as well.  The damages, both financial and reputational, may prove to be detrimental.

Fears Becoming Reality

As it turns out, the fear of falling victim to a cyber attack is one that MSPs have been facing for some time.  However, there are ways to mitigate this risk.

The MSPs must be using security software that is focused on prevention.  This was not the case in this particular attack.  According to Dark Reading, this MSP was providing services that held heavy weight on detection and response.  Endpoint detection and response, or EDR, has become a major buzz word in the cyber security industry.  Unfortunately, when it comes to ransomware — EDR solutions provide rather limited remediation options.  The victim either pays the hacker in an attempt to decrypt their files, or they restore from backups.  Switching the emphasis to prevention is what MSPs must be doing, not only for themselves but for their customers as well.

This successful ransomware attack is a perfect example of EDR failing to provide adequate protection.  If this MSP was using an automated whitelist technology, this ransomware variant would have never been able to execute.  Why?  Because a whitelist will only allow for known, trusted programs to run.

To find a reseller or MSP near you that offers an automated, global whitelist approach to cyber security, click here.

 

Stop Responding to Threats.
Prevent Them.

Get Protected

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles