
NinjaRMM said its tool was used to spread ransomware across “multiple endpoints” within the last 36 hours, and it is encouraging partners to enable two-factor authentication, which it said could have stopped the attack, according to an email it sent to partners today.
“A malicious entity — or entities — was able to access the customer’s NinjaRMM account, most likely through a cached browser session, and was then able to use NinjaRMM to distribute ransomware across multiple endpoints,” the company’s chief security officer Lewis Huynh wrote. “(Two)-factor authentication was not enabled in this environment. If 2FA had been enabled, it is likely this malicious activity could have been prevented.”
Huynh said it appears that the breach is confined to “one NinjaRMM customer,” but he said this same technique was previously used against MSPs using a rival-brand RMM tool, so it is “imperative” that two-factor authentication is turned on. San Francisco-based NinjaRMM supports multiple 2FA methods, including SMS, Authenticator, and FIDO key.
“In addition, we strongly encourage employing other security best practices, including using a secure password manager, rather than reusing credentials and/or storing them within browsers,” Huynh wrote.
NinjaRMM marketing executive Rachel Spatz told CRN that the company itself was not breached, but a customer was hit this morning and alerted the company.
“This is an isolated incident, and because NinjaRMM itself was not breached, none of our partners are at risk of infection from this ransomware attack,” Spatz said. “But we have seen this attack tactic used before and wanted to warn partners that this same thing could happen to them, and send a strong reminder that enabling 2FA can help to prevent these types of attacks.”
One MSP who is using NinjaRMM for some of his network said he likes the company because it is independent, but he is concerned about the company’s maturity. He said in this particular case, there is plenty of blame to go around.
“Shame on so-called MSPs for not taking advantage of the available 2FA,” he said. “Shame on Ninja for not making the security of their platform one of their highest priorities. We require 2FA on any system that has access to non-public information.”
In the email, Huynh said the company would roll out additional security measures “over the next few releases,” which will include giving system administrators the ability to enforce two-factor authentication on all, some, or none of their users.
“We recognize that there is an inverse correlation between enhanced security policies and convenience,” Huynh wrote. “We want to be mindful of providing you with the most powerful and convenient RMM tool, while also providing security mechanisms that you can employ to help ensure that we all stay on top of the ever-changing world of security.”
This is the latest example of cyber criminals targeting MSPs through the tools they use. In February, cyber criminals exploited ConnectWise partners who had not patched an integration tool with a rival MSP platform to install ransomware on end users' machines. Then in March, 100 Wipro endpoints were seeded with ransomware through ConnectWise Control (formerly ScreenConnect), a remote support and remote access tool.