Ransomware Corrupts the Systems of MSPs and Their Clients
Three Managed Service Providers (MSPs) have found themselves in a bit of hot water after ransomware spread throughout their networks and those of their clients. MSPs offer managed services to businesses, including the management of their cyber security.
Since this attack was just reported, very few specifics have been released to the public. Here is what we do know. At least three MSPs were impacted, but the number of MSP clients affected remains unknown. Early in the investigation, it remains unclear how the hackers breached the Webroot and Kaseya networks. It does appear, however, that they were able to remotely access the computers using stolen credentials. From there, the hackers used both Webroot and Kaseya to execute what is believed to be the latest ransomware threat, Sodinokibi, through PowerShell.
It is important to note that execution through PowerShell would likely not be stopped by several security solutions, because the malware runs through a trusted scripting engine rather than as an executable file. Therefore, to effectively avoid this threat, users must deploy a security solution that has a fileless malware prevention component.
Just this week, ransomware researchers from Coveware stated they believed Sodinokibi would be the next big ransomware threat, projecting that it will take the place of the newly retired GandCrab.
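The following is an added example, not code from the original article or from any vendor named in it. It triages process-creation events by parent process and command line, which is where script-engine execution stays visible when no executable file is written. The agent process names and the sample events are hypothetical and constructed; the field names follow Sysmon process-creation records.

```python
import base64
import re

# Hypothetical agent process names; substitute the management/AV agent binaries you deploy.
MANAGEMENT_PARENTS = {"rmm_agent.exe", "av_agent.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Script text that PowerShell evaluates in memory rather than loading from a file.
INLINE_SCRIPT = re.compile(r"(?i)\b(iex|invoke-expression|downloadstring|frombase64string)\b")

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def decode_encoded_command(cmdline):
    """Return the script carried by -EncodedCommand (or a prefix such as -e, -enc, -ec), else None."""
    tokens = cmdline.split()
    for flag, value in zip(tokens, tokens[1:]):
        name = flag[1:].lower()
        if flag.startswith("-") and name and ("encodedcommand".startswith(name) or name == "ec"):
            try:
                return base64.b64decode(value, validate=True).decode("utf-16-le")
            except ValueError:  # invalid base64, or bytes that are not UTF-16LE text
                return None
    return None

def triage(event):
    """Return the reasons a process-creation event deserves review (empty list if none)."""
    if basename(event["Image"]) not in POWERSHELL:
        return []
    reasons = []
    if basename(event["ParentImage"]) in MANAGEMENT_PARENTS:
        reasons.append("powershell spawned by management agent")
    script = decode_encoded_command(event["CommandLine"])
    if script is not None:
        reasons.append("encoded command")
    if INLINE_SCRIPT.search(script if script is not None else event["CommandLine"]):
        reasons.append("inline script evaluated in memory")
    return reasons

# Constructed sample events: one benign-payload encoded command, one ordinary admin script.
SAMPLE_B64 = base64.b64encode(
    "Invoke-Expression 'Write-Output constructed-sample'".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Agent\rmm_agent.exe",
     "CommandLine": f"powershell.exe -NoProfile -enc {SAMPLE_B64}"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -NoProfile -File C:\Scripts\inventory.ps1"},
]
```

Calling `triage(event)` on each record returns three reasons for the first sample and an empty list for the second.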
Once Sodinokibi launched, it encrypted the network’s files and deleted the backup copies as well.
Not all Webroot or Kaseya customers are believed to be targeted. Researchers have confirmed that the MSPs who were hit did not have two-factor authentication enabled in either program.
A Lesson Learned
MSPs are trusted to keep business networks secure. Yet in some cases they are failing to execute the basics of cyber security hygiene.
To ensure networks are secure, businesses and MSPs should:
- Change passwords frequently
- Set up a password complexity model
- Enable two-factor authentication on all programs and applications that permit it
- Deploy a security solution that utilizes application whitelisting and malicious script blocking