How MSPs should speak to their clients about ransomware

Toby Nangle, global partnership and channel lead at Field Effect

Ransomware remains one of the most pressing cyber risks facing organizations everywhere. On average, the cost of a ransomware attack sits at US$4.62 million. The days when hackers would deploy ransomware to attack only the largest enterprise targets are long gone.

The reality is that every business—regardless of size or the sector it serves—is a potential target for a devastating ransomware attack.

Compared to other cyber attack techniques, ransomware is explicitly designed to be disruptive and frustrating to deal with. 

These attacks are so prevalent that MSPs will need to discuss the ransomware epidemic with their clients at some point. Knowing how to approach the subject means coming to the table with a strong understanding of ransomware—as well as what steps can be taken to protect against it. 

What is ransomware? 

Ransomware is a type of malware, or malicious software, that blocks access to important systems or data. Attackers start by gaining initial access to a computer, smartphone, network, or other internet-connected device, often using various social engineering techniques like phishing to do so.  

By removing access to vital data or IT systems unless a ransom is paid, ransomware attackers exploit an organization’s sense of urgency around restoring operations. Unfortunately, that urgent need to get things up and running again means that many ransoms are paid. 

Phishing emails are designed to look as authentic as possible to encourage users to click on a link or file and disclose their credentials. In some cases, opening the link or file may even immediately install ransomware on a device. The ransomware then encrypts the data, rendering it inaccessible to authorized users.

The attacker then promises to restore access once a ransom payment is made to an account they control. Organizations that choose to pay also aren’t guaranteed access to their data; paying may even be illegal, depending on their location. 

Although phishing accounts for the majority of attacks, training on how to spot these malicious emails and messages may not be enough. Some ransomware attacks target existing security vulnerabilities such as unpatched software. These security gaps give attackers the foothold they need to gain further access and launch ransomware attacks undetected.

Who is a target of ransomware?

As mentioned earlier, every organization may be a target. In fact, smaller businesses may be more appealing targets than large enterprise organizations due to their relatively limited cyber security resources and experience. 

Attackers will target any industry, too. For example, in May 2022, the Regina Public Schools division in Saskatchewan was targeted by a ransomware attack that encrypted 500 gigabytes of data—including tax reports, staff health information, and social insurance numbers. 

What are the most common types of ransomware?

There are many different ransomware variants, or strains, in the world. Most can be classified as one of three broad types:

  • Crypto ransomware: Broadly speaking, crypto ransomware is the most common type of ransomware, and is so named because it encrypts the data on a device or network. 
  • Locker ransomware: Locker ransomware blocks access to specific files, locking users out, hence its name. In some cases, locker ransomware will display a message claiming to be from a law enforcement agency, demanding payment of a “fine.” 
  • Doxware: Unlike other major strains of ransomware, doxware threatens users with exposing confidential data or files. Also known as extortion ransomware, doxware is highly targeted and typically goes after sensitive personal information or intellectual property.

Regardless of the type of ransomware used to target your customers, the outcomes of a successful attack are devastating and impact finances, operations, and reputation alike. 

Companies targeted by ransomware attacks may lose business to operational downtime, lose customers due to reputational damage following the disclosure of an attack, and have to spend even more on top of these losses just to regain ground.

While immediate financial problems frequently get the most attention, stolen trademarks, patents, copyrights, and trade secrets are just as appealing to attackers. Your customers’ hard work can vanish overnight if this valuable intellectual property is ransomed and exposed to the public. 

What steps can MSPs take to protect their clients from ransomware?

Defending against ransomware may seem like a tall order for MSPs, given just how prevalent and damaging attacks can be. 

There’s good news, though: by providing your customers with access to information and vital technologies, your MSP business can ensure clients have the protections and practices they need to stay safe from modern ransomware threats. 

  • Back up data regularly. Regular backups of sensitive and important information can help ensure business continuity in the event of a ransomware attack. If an attack does lock up customer IT systems, access to a recent backup enables quick restorations so they can focus on getting their business back up and running. 
  • Keep systems and software updated. As mentioned earlier, some strains of ransomware are able to infect systems due to software vulnerabilities. Applying patches and software updates promptly is the best way to close security gaps attackers commonly exploit to gain access to a system. 
  • Block known malicious sites and ensure safe browsing. Using a DNS firewall will allow you to limit access to known malicious websites, helping defend against potential social engineering attacks while blocking malicious code and securing access to cloud apps and corporate websites. Leveraging a virtual private network (VPN) can also help, giving workers a secure means of accessing corporate data or otherwise connecting to your customers’ networks from remote locations.
  • Foster a culture of cyber security. One of the biggest cyber security obstacles facing your customers is training and awareness. Your customers understand that there are cyber threats targeting their business, but they often don’t know what best practices to follow to enhance their defence. Giving your customers access to training and educational resources, with best practices on passwords, multifactor authentication, and more, helps foster a culture of cyber security. 
  • Monitor for threats and suspicious activity. Staying ahead of ransomware demands a view into what’s happening across customer IT environments. Rely on a cyber security solution that monitors for threats 24×7 and automatically alerts you if it detects suspicious activity indicating an attack. Look for a proactive monitoring solution that also identifies vulnerabilities and provides guidance about how to prevent ransomware infections.

That’s just the tip of the iceberg. Cyber security can be a highly complex topic to tackle for even the most well-informed MSP, but with the right resources, you can confidently speak to your customers about how to best address the threats they face. 

A bit of knowledge goes a long way. For more information on how best to protect against ransomware—not to mention other common cyber threats—download your copy of The 2022 employee cyber security handbook.