MSPmentor Blog

Ransomware Prevention Tips for MSPs


In 2016, ransomware is having the best year ever. The attacks are successful and happening more often than ever before. In Q1 alone, ransomware delivered a cool $200M+ to the cyber bullies behind it.

If you’re an MSP, it’s highly likely you’ve seen ransomware infect your end users in the last year, no matter how often you’ve urged them to be wary of phishing scams and malicious Web ads. These days, the malware seems to slip through the cracks no matter what defenses a company has in place. As the landscape of ransomware continues to evolve and the variants themselves grow in sophistication, it’s essential that IT professionals do everything they can to ensure disaster recovery and business continuity plans for the vulnerable SMBs at risk.

In 2016, ransomware is having the best year ever. The attacks are successful and happening more often than ever before. In Q1 alone, ransomware delivered a cool $200M+ to the cyber bullies behind it.

Of the ransomware making headlines in 2016, a few dominant strains have been noticeably frequent. These variants use an AES algorithm to encrypt files, and bitcoins are often the form of payment demanded by hackers for decryption. While standard ransoms fall around $500 dollars, it’s the downtime costs that can be deadly--particularly for small businesses. Help your customers survive the 72-hour window often allotted by hackers by keeping yourself (and your end users) well-versed in the latest forms of ransomware.

Here is what your customers need to know about common forms of ransomware today:

  • CryptoLocker became notorious in 2013 for extorting millions from unsuspecting users. It was shut down in 2014, and was then replicated by strains of ransomware that followed. This is where the idea of keeping client’s data held at ransom was born. Really, it’s a catch-all term you can use to help clients understand what’s happening to their data.
  • If you have clients on Office 365, be weary of Cerber. This nasty strain targets users within the cloud-based application through phishing schemes. If your clients are using Outlook as their email client, there’s a chance that they may fall victim to Cerber and should be wary of suspicious emails. Make sure your customers can identify these types of emails in order to avoid them.
  • Jigsaw takes CryptoLocker to new levels. Once the ransom is demanded, files are progressively deleted until it is paid. There’s no way to escape this one without losing some files. So much for the 72-hour window! For clients who work on billable hours, this can lead to severe revenue loss. They’ll spend a good deal of time repeating the same work they’ve already billed their customers for, but at their own expense.
  • Locky disguises itself via email as an invoice. Once the attachment is opened, the message is scrambled and users are instructed to turn on macros to read it. Make sure your client base knows about this tactic! Because once macros are enabled, the virus instantly encrypts files. Not quite the invoice you were expecting, huh?

Hackers are becoming more creative and aggressive in their efforts to extort money from businesses. Why wouldn’t they? No one is stopping them! According to the U.S. Department of Homeland Security and IT pros around the world, the best thing you can do for you clients is to educate them about cybersecurity and the risk of ransomware, and (more importantly) ensure the are leveraging a solid backup and recovery solution JUST in case.

If you’re interested in learning how to best educate your customers about the current state of ransomware, we encourage you to join Datto alongside managed service providers for a webinar, ‘Ransomware Made MSPeasy’ on Sept. 8. Want more content in the meantime? Check out, “The Business Guide to Ransomware” for more tips on ransomware prevention among your end users.

Samantha Ciaccia is Channel Engagement Manager at Datto Inc.

Guest blogs such as this one are published monthly and are part of MSPmentor's annual platinum sponsorship.



Discuss this Blog Entry 0

Post new comment
or register to use your MSPmentor ID

Sponsored Introduction Continue on to (or wait seconds) ×