
Five Recommended Ransomware Defenses For MSPs … And Our Experts Add Three More

‘If you don’t use PowerShell, just uninstall it. And if you can’t, definitely monitor all PowerShell calls and pretty much everything PowerShell does on your system,’ says Fabian Wosar, an internationally renowned ransomware recovery expert.


Is there anything they left out that you think ought to be included?

Krebs: My recommendation would be to get a lot more situational awareness about what is normal on your network, and what abnormal looks like. Getting hacked and getting a bunch of your customers hacked can be an existential issue for these MSPs. Again, I come back to information security governance. If the organization isn’t assuming, at any given time, that they aren’t already compromised, then they don’t really have an effective way to prevent their systems from being abused in these types of attacks.

Wosar: For an MSP, it’s maybe a good idea to have cyber insurance. Just assuming that the worst case happens and all their clients get encrypted, that they have some way to pay the ransom, no matter how high it is. The thing is, in a lot of cases, if you as an MSP get hacked and all your clients get encrypted, the ransomware authors will only negotiate with you as an MSP.

If you can’t pay, or if you go belly up, your clients are screwed because your clients can’t go to the ransomware author and try to negotiate to get their data back. So having some insurance or some policy, just for the worst case, is absolutely important.

What about backup?

Krebs: One thing I see over and over again with ransom attacks is everyone seems so fixated on the backups. ‘They must not have had backups. They must not have done that right.’ I think that’s sort of missing the forest for the trees.

For one thing, in almost all of these ransom attacks, it’s not like the bad guys get in and flip a switch and they got everything ransomed. And it’s not typical that a ransom is just going to spread by itself through the network -- although we’ve seen that with things like WannaCry and stuff that is powered by a type of worm. Most of the stuff is, bad guys get in. Might be an opportunistic compromise, right. Might be a mass phishing email, or it might be targeted. Increasingly it is targeted. But the point is, there is this one entry point. It can be weeks or months before the bad guys launch the ransomware.

So, there’s the opportunity for all potential victims to avoid that occurrence of having to suffer a ransomware attack, if they’re set up to assume that bad guys are going to get in, and they’re set up to look for compromises inside their own environment.

The problem is, the vast majority of organizations are not set up this way. They just assume that whatever they’re doing on security is good enough. It’s kept them non-hacked for years, and it looks like it’s working, and then they wake up one day and come into work and all their systems are compromised.

Wosar: You have to keep in mind, once your RMM is compromised, that often means they do have access to the backups. If they can delete the backups, that is exactly what they will do. So that is like one of the ideas. You may have heard of the 3-2-1 rule when it comes to backups. You should have three copies of your data. It should be in two different locations, and one of them should be offsite. By offsite, not accessible to anyone, pretty much.

If you do manage backups for your clients and you can delete them, then you don’t have a real offsite copy. So maybe have an additional mirror, or an additional backup location, of your backup location that cannot be deleted.

 

 
 