What is Ransomware?

Ransomware is malicious code that is used by cybercriminals to launch data kidnapping and lockscreen attacks. The motive for ransomware attacks is monetary—cybercriminals often demand virtual currency from the victim, with instructions on how they can recover from the attack.

Ransomware attacks continue to run rampant worldwide. 4,000 ransomware attacks occurred per day in 2016, and according to the FBI, cybercriminals are expected to collect over $1 billion in ransom this year.

At this point, managed service providers cannot ignore their clients’ increased need for an effective security solution. The best place to start is understanding the ins and outs of the biggest threat to modern business: ransomware.

How it Works

The deployment of a ransomware attack is strategic and insidious. Ransomware is a type of malware (software that is intended to damage or disable computers and computer systems) and can be spread through malicious e-mail attachments, infected software apps, infected external storage devices and compromised websites.

In a data kidnapping attack, the ransomware may encrypt files on the victim’s device as well as other connected network devices. In the case of a lockscreen attack, ransomware may change the login credentials on the infected device.

It is inexpensive for cybercriminals to purchase ransomware-as-a-service (RaaS) programs in ransomware kits on the deep web, and the attacks take little effort to launch. Attackers can extort digital currency from their victims in a few different ways. For example, the victim may receive a pop-up message or email stating that if the ransom is not paid by a certain date, their data will be encrypted. The victim may also be duped into believing that they are the subject of an official inquiry that requires them to pay an electronic fine.

Key Terms & Definitions

Ransomware attack — a cyber attack where malicious software threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.

Cybersecurity — the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.

MSSP — Managed Security Services Provider.

Social Engineering — the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

Phishing — the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

CEO Fraud — the latest in a new generation of cyber attacks involving impersonation of senior company officials, using social engineering to coerce employees to transfer company money under the guise of a legitimate business purpose.

Bitcoin — a type of digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank.

WannaCrypt — ransomware that targets Windows operating systems, also known by the names WannaCry, WanaCrypt0r or Wcrypt.

Ransomware-as-a-service (RaaS) — a variant of ransomware designed to be so user-friendly that it could be deployed by anyone with little cyber know-how.

The State of Ransomware

The daily news is proof that business as we know it is fraught with cyber threats. With malicious attacks on the rise, organizations—especially small- and medium-sized businesses (SMBs)—are increasingly being targeted. Currently, 42 percent of employees in SMBs would not know what to do if their business experienced a cyber attack—which is largely due to the fact that 47 percent do not have employee security awareness and training programs in place. Cyber criminals are aggressively going after these businesses because they are easy targets—which places a lot of responsibility on the MSPs serving SMBs.

Recently, large-scale ransomware attacks like WannaCry and Petya, which use powerful exploits to enable rapid propagation across organizations, have further validated the need for enhanced IT security for businesses at high risk of shutting down if attacked. The fact is that businesses with 1,000 employees or fewer have a 90 percent likelihood of having a data breach costing more than $216,000, and 60 percent of small businesses close after a breach.

As an MSP who serves these SMB clients, it’s up to you to step in and provide robust cybersecurity that can withstand the modern threat landscape and ensure businesses remain protected and set to scale.

How MSPs Can Protect Clients from Ransomware

When you offer security services as an MSP, your clients are turning to you for more than a cybersecurity solution; you can provide them peace of mind. 100 percent of IT professionals at SMBs who were recently surveyed said they could improve their cybersecurity systems, which presents an important opportunity for MSPs to enhance their methods for protecting clients from threats as serious as ransomware.

Keeping your clients educated will ensure they’re effectively prepared for the threats that will inevitably impact their business. You are responsible for understanding new ransomware variants and what is required to safeguard the SMBs you work with, and then providing them with cybersecurity best practices such as how to prevent ransomware. MSPs should consistently keep clients informed about vulnerabilities and how to carry out an effective security plan of action that covers both preparation and recovery.

Your clients should be able to turn to you to detect and respond to threats and breaches when they do penetrate the clients’ defenses, and before they have a chance to do harm. Prevention, though critical, is not enough to protect SMBs from cyber attackers. Since ransomware attacks continue to get smarter and hit harder, MSPs must be able to not only detect and respond to incidents, but ultimately remediate any threats before they take their course.

In order to ensure your services remain disaster-proof, backup and disaster recovery must be central to your strategy and fit for purpose. It is only with BDR that MSPs can successfully fight ransomware.

Consider leveraging Continuum BDR, an advanced BDR platform with Continuous Data Protection (CDP) technology that can cut down on data loss and properly restore business continuity.


Alex Jafarzadeh
March Communications