
Five Recommended Ransomware Defenses For MSPs … And Our Experts Add Three More

‘If you don’t use PowerShell, just uninstall it. And if you can’t, definitely monitor all PowerShell calls and pretty much everything PowerShell does on your system,’ says Fabian Wosar, an internationally renowned ransomware recovery expert.


Is there anything they left out that you think ought to be included?

Krebs: My recommendation would be to get a lot more situational awareness about what is normal on your network, and what abnormal looks like. Getting hacked and getting a bunch of your customers hacked can be an existential issue for these MSPs. Again, I come back to information security governance. If the organization isn’t assuming, at any given time, that they aren’t already compromised, then they don’t really have an effective way to prevent their systems from being abused in these types of attacks.

Wosar: For an MSP, it’s maybe a good idea to have cyber insurance. Just assuming that the worst case happens and all their clients get encrypted, that they have some way to pay the ransom, no matter how high it is. The thing is, in a lot of cases, if you as an MSP get hacked and all your clients get encrypted, the ransomware authors will only negotiate with you as an MSP.

If you can’t pay, or if you go belly up, your clients are screwed because your clients can’t go to the ransomware author and try to negotiate to get their data back. So having some insurance or some policy, just for the worst case, is absolutely important.

What about backup?

Krebs: One thing I see over and over again with ransom attacks is everyone seems so fixated on the backups. ‘They must not have had backups. They must not have done that right.’ I think that’s sort of missing the forest for the trees.

For one thing, in almost all of these ransom attacks, it’s not like the bad guys get in and flip a switch and they got everything ransomed. And it’s not typical that a ransom is just going to spread by itself through the network -- although we’ve seen that with things like WannaCry and stuff that is powered by a type of worm. Most of the stuff is, bad guys get in. Might be an opportunistic compromise, right. Might be a mass phishing email, or it might be targeted. Increasingly it is targeted. But the point is, there is this one entry point. It can be weeks or months before the bad guys launch the ransomware.

So, there’s the opportunity for all potential victims to avoid that occurrence of having to suffer a ransomware attack, if they’re set up to assume that bad guys are going to get in, and they’re set up to look for compromises inside their own environment.

The problem is, the vast majority of organizations are not set up this way. They just assume that whatever they’re doing on security is good enough. It’s kept them non hacked for years, and it looks like it’s working and then they wake up one day and come into work and all their systems are compromised.

Wosar: You have to keep in mind, once your RMM is compromised, that often means they do have access to the backups. If they can delete the backups, that is exactly what they will do. So that is like one of the ideas. You may have heard of the 3-2-1 rule when it comes to backups. You should have three copies of your data. It should be in two different locations, and one of them should be offsite. By offsite, not accessible to anyone, pretty much.

If you do manage back-ups for your clients and you can delete them, then you don’t have a real off-site copy. So maybe have an additional mirror, or an additional backup location, of your backup location that cannot be deleted.

 

 
 