
Anti-Ransomware: Avoiding the “Pay or Not to Pay” Dilemma

Adrien Gendre

January 06, 2022


Ransomware attacks on MSPs are becoming more aggressive and more common. For example, during the summer of 2021, cybercriminals attacked Kaseya, affecting 1,500 customers. Hackers demanded a $70 million ransom in exchange for the ransomware decryption key.

Cybercriminals are realizing that if they can attack the MSPs, they can get to their business customers much faster. 

Let’s explore some of the lesser-known consequences of being hit by a ransomware attack: how even after paying the ransom, there's no guarantee that your or your clients' data will be decrypted, and how being a victim of ransomware can paint a target on your back in the future. We'll also discuss how anti-ransomware solutions work, and how they can help businesses avoid all of these negative outcomes.

The attacks 

Ransomware operations have grown larger and more advanced. Attackers are now partnering with each other to organize highly sophisticated ransomware gangs that strike fast.

In a Statista report, 54 percent of MSP respondents revealed that most ransomware infections in 2020 came from email phishing scams. Email is quick, cheap, and easy, especially when attackers use social engineering techniques to trick employees into clicking on a malicious link.

The problem with paying up

When we see figures like the $70 million ransom demand from the Kaseya attack, it's tempting to assume that MSPs would never pay such an exorbitant fee. But most attackers know this. It's a lot easier for an MSP or its clients to pay a comparatively modest $5,000 ransom in exchange for all of their data. A ransom of around $5,000 may seem like a small price for an MSP to pay, but unfortunately, the problem doesn't end there. Once an MSP pays, trouble ensues:

  • There is no incentive for the attackers to decrypt the data, and paying encourages attackers to strike again.
  • Even if the attackers decrypt the data, they may leave a Trojan horse or worm behind, opening up an MSP to future attacks.
  • They may sell the information, leaving the MSP vulnerable to other hackers.

What’s more, after an MSP pays, it still needs to do a full forensic analysis of the network to find out where and how the attackers got in, and whether any hidden destructive programs or viruses were left behind. Cleaning up the mess after a breach takes a huge number of hours and a great deal of work and money.

Most importantly, paying a ransom can actually be illegal. Businesses can be held responsible if they pay sanctioned individuals and organizations. 

The problem with not paying

If you don't pay to decrypt your data after a ransomware attack and don't have backups, you'll never get it back—but the threat goes deeper than that. Hackers may shut down an MSP’s services and website altogether, or contact their customers and key stakeholders to inform them of the attack. These criminals may also go as far as to release sensitive information if they don’t get payment.

A no-win situation?

Whether MSPs pay or not, they become vulnerable to being sued by the end user after an attack. MSPs could pay out even more money to defend class-action lawsuits brought by their customers for negligence and damages. For example, manufacturing company Boardman Molded Products filed a lawsuit against their MSP after a phishing scam occurred. According to the police report, the attack cost them over $1.7 million.

Businesses that have been exposed by a breach have no guarantee that their insurance will pay the claim, leaving MSPs even more vulnerable to financial fallout and lawsuits following an attack on their own networks.

This is why an anti-ransomware strategy is essential.

What an anti-ransomware strategy looks like

What can MSPs do to protect themselves and their customers? 

Since email is the easiest way in for an attacker, MSPs need to make sure they are paying close attention to email security with consistent end-user and team training. MSPs need to supply regular training for their clients so they know not to click on a phishing email, and on-the-fly training at the moment of need to reinforce best practices.

Paying close attention to email security also means being able to conduct a thorough threat analysis quickly to find and remove suspicious emails before they hit clients' inboxes. And if an attack does happen, MSPs should always have a secure backup solution in place so their clients aren't completely at the mercy of attackers.

Business clients, especially small- to medium-sized businesses, are relying on MSPs to have effective, reliable security. An attack could happen at any time, so MSPs must have everything in place.

Advanced threats need advanced threat protection

Since ransomware attackers are growing smarter and more sophisticated every year, your cybersecurity solutions need to keep up. You need to choose an anti-ransomware solution that uses innovative technologies to ensure you are protected.

Vade’s solutions for MSPs are purpose-built for fast deployment, ease of use, and optimal protection:

  • Because Vade natively integrates with Microsoft 365, it doesn’t require MSPs to redirect clients’ MX records, which means we’re internal and invisible to hackers. 
  • Vade continuously scans in real time. In addition to preventing threats from hitting your clients' inboxes, it also removes emails modified post-delivery.
  • Vade offers security information and event management (SIEM) integration and advanced threat investigation tools to conduct deep threat analysis. This allows MSPs to view detailed metadata, investigate attachments, upload files for analysis, and download emails to identify if and where remediation is needed.

Ultimately, Vade for M365 provides threat protection, user awareness training, and incident response. This allows MSPs to create a robust managed security service with a single solution.

If you're curious about how to talk to your clients about anti-ransomware solutions like Vade, why not send them our white paper, Protecting Your Company from Ransomware?