Hackers “Making Billions” Off Ransomware

Even the largest solution providers in the world, each with thousands of employees, billions in annual sales, political clout, and access to the best security that money can buy are no safer from hackers in 2020 than the smallest MSP in 2019.

“These groups are making billions, and they have a lot more to invest in their attacks than they used to,” Brett Callow, threat analyst with Emsisoft, which designs anti-malware software, and monitors attacks worldwide told CRN. “They have the money to ramp up their operations in terms of their scale and sophistication. It is inevitable that they will have more success with bigger targets … Nobody is safe.”

Whereas last year, dozens of smaller MSPs were being crypto-locked, this year has seen hackers up the stakes and aim for bigger targets with Cognizant, Conduent, Xerox and now DXC Technologies each falling prey to ransomware attacks. The hits have not just disrupted business by encrypting systems, but they have offloaded gigabytes of customer information and posted it for sale online.

In terms of the danger this poses, Callow said it not only hobbles business operations in the short term, but depending on the size and scale of the attack, it could expose the victims to lawsuits if customer data is released into the wild.

“It’s potentially huge,” he said. “It’s going to vary from case to case … These incidents are no longer simply encryption events. They are actual data breaches, which changes things considerably. Its no longer a mere case of business interruptions, but there’s the potential for lawsuits as well. There are multiple lawsuits ongoing against companies that have experienced ransomware attacks.”

Here are the five attacks against major solution providers since last year.