MSSPs Must Prepare Now for Next Ransomware Attack


Ransomware is nothing new and always top of mind for MSPs and SMBs, dominating the IT Security world for the past two years. With two major attacks in quick succession – May’s catastrophic WannaCry attack followed up by June’s Petya attack – everyone is on high alert and looking for the best route to keep their organizations and end users safe.

The numbers don’t lie: 2016 saw four times as many ransomware attacks as previous years, and 2017 is already on a path to being even worse, with some studies warning the number could double over 2016’s already astronomical number of attacks. Meanwhile, as ransomware is making headlines, data breaches continue to be a major concern, with new regulations on the horizon and the weight of the damage that data breaches can cause to reputation and business.

While healthcare and financial services businesses are most frequently hit, no industry is immune: 92% of IT firms reported ransomware attacks on their clients. Despite these numbers, according to the FBI only one in four attacks are actually reported.

There’s a temptation to simply pay the ransom and move on, but the FBI also warns that 70% of businesses who paid the ransom were attacked again later.

What MSSPs Must Do

A great deal of industry chatter focuses on having dependable backups of your data, but getting ahead of the problem can save IT professionals countless hours – prevention is better than recovery. One of the key factors behind WannaCry’s success was a vulnerability in Windows machines that Microsoft had already provided an update to close off. Patches had already been issued to protect against the exploits used, but unpatched machines and out-of-date, unsupported operating systems were still vulnerable.

Just as disk encryption (such as Sophos Central Device Encryption) can prevent data breaches when an employee loses a laptop, solutions specifically designed to protect against ransomware can save the day for organizations of all sizes and show admins exactly how ransomware enters an organization, answering the question most commonly asked of MSPs and MSSPs alike. New solutions like Sophos Intercept X caught WannaCry and Petya for any business that had implemented the product.

Of course, a dependable backup shouldn’t be neglected – it’s good practice not just for ransomware but all potential threats. But with the right preparation and tools in place, that backup plan can remain exactly that – backup, rather than your only chance of recovery.

Human Error: The Largest Attack Vector

The bottom line: the end user is still the biggest attack vector for hackers, particularly with the advanced social engineering techniques bad actors are using to fool users. Phishing emails have open rates most marketing departments would kill for, and that speaks to how well-crafted the messaging has become for these attacks. Educating end users about what these malicious emails and messages are, what they look like, and how to spot telltale signs of a malicious email will help stop an attack at the source: the end user clicking an email, link, or file that will launch the ransomware. Solutions like Sophos Phish Threat can provide phishing simulations and educate users who fall for these simulated attacks, helping increase the security posture of end users so that they won’t fall for a real phishing attack when one inevitably arrives.

More and more ransomware doesn’t even require the end user to download an attachment, so it’s easier than ever to make a mistake – the more education you provide your end users, the safer your organization will be.

MSPs can make life easier for their clients by managing all of these solutions under one umbrella. Endpoint, anti-ransomware, anti-exploit technology, and user education and training through one vendor, one pane of glass, one management console. It’s challenging enough to prepare for the next attack – simplifying management of those solutions can help keep clients several steps ahead of the next threat. And with solutions like Sophos Synchronized Security, endpoints and firewalls can work together automatically to keep threats at bay, while features like rollback and root cause analytics – available through Intercept X – can lock down an attack, restore any damaged files, and help you and your clients analyze exactly what happens so you can plan for the future.

Guest blog courtesy of Sophos.