A couple of weeks ago it was a Managed Service Provider in Denver. A few weeks before that, it was one in Wisconsin. This week it is Irvine, CA based Synoptek with more than 1,100 customers including state and local governments, financial services and healthcare. Their web site says that they did more than $100 million in business last year.
Someone captured a Tweet of theirs before they deleted it:
Now that they were hit by a ransomware attack which encrypted customer data on Christmas Eve, they probably wished they took their own advice.
They are being very quiet about the whole thing, but reports say that it infected a subset of their customers and that they paid the ransom. Hopefully they have insurance to cover the cost.
Unlike the attack in Colorado, it looks like these guys were better prepared and were able to contain the attack and are working quickly to mitigate it.
Several thoughts here:
- It looks like this *IS* becoming a thing because for an MSP, if they don’t pay the ransom, if they don’t decrypt their clients’ data, if they don’t minimize the consequences, they are likely out of business. From an attacker’s standpoint, this is THE BEST scenario.
- Since there are likely tens of thousands of these service providers out there from mom & pop shops to a few hundred employees (Synoptek has about 700 peops), there is no shortage of opportunities
- As an MSP’s customer, you want to ask those embarrassing questions like do you have insurance, are you prepared and how long would I be down?
- This attack also went after the remote control software, which is a weak spot for MSPs. There are some options when it comes to this, so you might want to ask questions.
- When it comes to *YOU*, you need to make sure you are prepared-
- Do you have your own backups?
- Do you have a monitoring and alerting system to detect the problem quickly (we have a cost effective solution)?
- What is your plan if one or more of your service providers is down for a day? For a week? For a couple of weeks? Goes out of business?
- Can you continue to do business while you are down?
- While the total number of businesses impacted by just these three attacks that did hit the news is around, best guess, one thousand companies, that is just 3 attacks. This will likely get uglier before it gets better.
And just to lighten things up a bit, check out this YouTube clip from the animated movie Hoodwinked. He has a good suggestion – https://www.youtube.com/watch?v=HUIP208nZZs
Source: Brian Krebs