Ransomware Attacks MSP, Encrypts 100 Customers: Report
A ransomware attack has spread from a Colorado MSP (managed IT services provider) through remote access software to more than 100 dentistry practices, KrebsOnSecurity reports.
The ransomware attack apparently hit Complete Technology Solutions of Englewood, Colorado, though the MSP has not commented about the situation, and MSSP Alert has not independently confirmed the report.
The attack apparently involved remote access software that did not have two-factor authentication (2FA) activated. Black Talon Security of Katonah, New York has been assisting some of the dental practices with the recovery effort, KrebsOnSecurity added in a December 8 update.
Dentist offices remain a prime target for ransomware attacks because the businesses are generally profitable and have mission-critical applications like electronic health records (EHR), imaging and customer relationship management (CRM) systems.
Amid that reality, PerCSoft, a Wisconsin company that provides an online data backup service for dental offices, suffered a ransomware attack in August 2019. The ransomware encrypted files for approximately 400 U.S. dental offices.
FBI Ransomware Warnings to MSPs
The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.
Although MSPs and their software providers have generally raised their defenses in 2019, attacks have continued and some corners of the MSP industry now face a “crisis of credibility,” ChannelE2E and MSSP Alert believe.
Still, more signs of progress are emerging. Thousands of MSPs are activating two-factor authentication as a means to stop hackers from entering systems. In many cases, software providers are activating 2FA as a default setting. And increasingly, the 2FA setting is mandatory.
Still, 2FA isn’t a cure-all for ransomware attack mitigation.
MSPs Fighting Ransomware: Basic First Steps
To get ahead of the ransomware threat, MSSP Alert and ChannelE2E have recommended that readers:
- Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
- Study the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base.
- Explore cybersecurity awareness training for your business and your end-customers to drive down cyberattack hit rates.
- Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
- Continue to attend channel-related conferences, but also attend major cybersecurity events — particularly RSA Conference, Black Hat and Amazon AWS re:Inforce. (PS: Also, keep your eyes open for PerchyCon 2020 — more details soon.)
Spot on, as usual, Joe. For MSPs out there concerned about their own security and that of their clients, please join the TSP-ISAO at http://www.tsp-isao.org. This new Information Sharing and Analysis Organization for MSPs is a vendor-neutral non-profit that will correlate, analyze and disseminate cybersecurity threat intelligence along with actionable remediation recommendations for MSPs and their clients. Membership is free for 2020, thanks to the generosity of our Founding Members, and we are projecting ongoing MSP membership fees of $99 per year. This is a complete no-brainer and something we, as an industry, must come together to address, putting aside all competitive concerns. If we don’t, the “crisis of credibility” you mention will become a mainstream concern for our clients. The TSP-ISAO is active now and is an open tent for all to join. All we ask is that members participate and share their own threat intelligence back into the platform to be analyzed and distributed as appropriate. Thanks for helping to keep awareness of this critical issue high and spreading the word on what we all can do to help. Keep up the great reporting JP! MJ
MJ: Thanks for the info and background.
Readers: TSP-ISAO. Memorize that acronym and engage.
Very important article. MSSPs should definitely have tools like Nessus for deep vulnerability scans.
Domotz also has some features to increase the security of a network and implement security best practices. Worth taking a look at. https://www.domotz.com/