MSPs: ‘We Need More Bodies To Help’ Win Ransomware ‘War’

‘When you see people in a hospital getting a chemo treatment that’s being affected by a ransomware attack — that’s very eye opening,’ says Mark Jones, founder and CEO of BlackLake Security.

With the U.S. Department of Justice reportedly elevating ransomware attacks to a similar level of terrorism, MSPs are worried SMBs might not be getting the same level as treatment as larger companies who the government throws its weight behind, such as the Colonial Pipeline.

Some of the top security MSPs in the nation told CRN that ransomware attacks are putting many SMBs out of business and the U.S. government needs to start treating ransomware as terrorism.

“Ransomware can literally shutter the business,” said John Marler, president and CEO of Houston-based solution provider Set Solutions, adding that virtual ransomware attacks can be just as harmful to businesses as physical attacks. “Imagine that scenario in a physical attack where a band of rogue pirates in the back of a van come and crash into their office, beat everybody and beat all of the computer systems. We would be outraged.”

[Related: DOJ Treating Ransomware As Terrorism Brings It ‘Out Of The Darkness’: MSPs]

Tom Turkot, vice president of sales at Buffalo Grove, Ill.-based solution provider ACP CreativIT, said ransomware attacks on SMBs are nothing new, but aren’t talked about. However, the impact can be devastating.

For example, one of ACP CreativIT’s customers recently began noticing something was off with its IT environment around 5 p.m. local time. The client somewhat shrugged it off even when ACP told them it was urgent and needed to be solved.

“Something’s happening,” the ACP engineer told the client. “We’re getting 60 messages a minute.” The customer said he’d look at it in the morning.

“Well by the morning, all of his stuff was frozen,” Turkot said. “The bad news is that his backups were connected to the network, so you can’t go back to the backups. … The funny thing is, if he just unplugged his server at 5 o’clock, none of this would have happened. That’s how quickly it can happen, and people don’t understand what the real threat is.”

“The litigation on this, on the hacking, could be huge going forward,” he added.

And the cost of dealing with ransomware attacks is rising. According to a recent survey from Sophos, the average total cost of recovery from a ransomware attack more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021.

Last December, just days before Christmas, more than 300 employees at Arkansas-based telemarketing firm The Heritage Company were sent home and told to find new jobs after ransomware recovery efforts were unsuccessful, according to ZDNet. The same happened to two separate medical practices in Michigan and California. The latter shut down all operations after they lacked the funds to pay the ransom.

This month, the Department of Justice sent internal guidance to U.S. attorneys’ offices nationwide stating that any information on ransomware investigations should be centrally coordinated with a task force that was recently created in Washington, D.C., according to a Reuters report.

To better protect SMBs as well as help companies understand the true dangers of ransomware attacks, the government should create a “list of things to do” or a template that SMBs need to follow, said Turkot.

“There needs to be some sort of CISO (Chief Information Security Officer) sign-off for a publicly-traded company that says they meet whatever standards,” he said. “It needs to be something that’s standardized.”

Enterprises tend to have backups and some scalability as well as the ability to bring in experts and expertise to help solve the problem. In most cases, though, SMBs are working with a much smaller budget and if they don’t help from MSPs, the results of a ransomware attack can be devastating.

Mark Jones, founder and CEO of BlackLake Security, said the days of being inactive and not caring about security are gone.

“ The smaller companies might have a single firewall, they might not have a lot of endpoint security,” Jones said. “They don’t really have any cybersecurity experts on staff, and that sort of falls right into the second aspect of growth of the MSPs. That’s where we’re finding that we’re going in and we’re able to give them what they really want.”

All companies, large and small, need to be paying attention to ransomware, Jones added. “Everybody’s listening,” he said. “And we need more bodies to help with this war. This is a big problem. When you see people in a hospital getting a chemo treatment that’s being affected by a ransomware attack — that’s very eye opening.”