Active ransomware gangs targeting MSPs
LockBit ransomware first made headlines in 2019. The group employs a ransomware-as-a-service (RaaS) model to target victims. LockBit reigns as a top active ransomware group that infiltrates MSPs and MSSPs worldwide. Recently, this ransomware group claimed victims in government and health care sectors with ransom demands as high as $1.5 million. Phishing emails are one of the most common ways the group delivers attacks. However, LockBit is also known to exploit vulnerabilities in remote desktop protocol (RDP) services and leverage sophisticated methods to bypass multifactor authentication (MFA).
ALPHV ransomware was first observed in 2021 and has gained attention as one of the most prolific ransomware threats targeting MSPs and their clients. The ransomware group employs various vectors of attack to infiltrate networks and encrypt data, including phishing emails, exploit kits and compromised websites. The gang also uses social engineering tactics to gain access to networks, from impersonating IT professionals in phone calls and text messages to live chats. The latest attacks include high-profile victims that suffered multimillion-dollar losses.
Cl0P ransomware first emerged in 2019. Infamously, the group extorts victims through the MOVEit data theft campaign that exploits a previously unknown SQL injection vulnerability, known as MOVEit Transfer. It is projected that the gang will rake in $75-100 million USD from its victims. According to CISA, IT professionals and MSPs should be on the lookout for IOCs and TTPs that have been identified based on the latest FBI investigations.
Play ransomware is a newly discovered gang that notably attacked Argentina's Judiciary of Córdoba in 2022. Following the incident, the Play ransomware gang have attacked other victims worldwide, including MSPs and the organizations they protect. In these attacks, the gang claims to have stolen confidential information and threatens to release this data if the victim refuses to pay the ransom.
Proven protection against ransomware
Independent laboratories, cybersecurity analysts and industry groups agree that Acronis offers the best defense against modern threats.
Securing the industry
As part of the Anti-Malware Testing Standards Organization (AMTSO), Acronis is helping to develop proper standards for testing security solutions, and we participate in tests that adhere to AMTSO’s standards.
Membership in AMTSO allowed Acronis to contribute our Machine Learning engine to VirusTotal, enabling all users around the world to benefit from our technology’s ability to detect various online data threats.
In this international information technology industry forum, Acronis contributes and discusses how to reduce the threat from bots, malware, spam, viruses, DoS attacks, and other online exploitations with other industry players.
Acronis Cyber Protect is certified as an official anti-malware solution for Windows that can replace Windows Defender. This is achieved via participation in Microsoft Virus Initiative, through which members prove they are able to provide top-level security for Windows.
Product reviews
Looking for help?
Frequently Asked Questions
A growing number of MSPs continue to seek ways to consolidate their vendor lists to reduce costs, improve efficiency and achieve comprehensive protection. Not only does taking a multilayered approach help close security gaps, but also fortify resilience.Acronis Cyber Protect Cloud is a comprehensive solution that combines cybersecurity, data protection and management, enabling MSPs to meet the unique needs of clients, including qualifying for cyber insurance, adhering to industry regulatory compliance and safeguarding business continuity — all at an affordable price. Acronis empowers you to centrally manage, provision, and scale cybersecurity, backups, recovery, and endpoint management through a single console, eliminating the need to manage multiple individual tools and saving valuable resources and time.
Adopting a 3-2-1 backup strategy is one of the most effective ways to safeguard data against security vulnerabilities. The 3-2-1 strategy ensures that organizations have three copies of sensitive data: your production data and two backups — one housed in a different geographical location and one copy housed off-site. By separately storing secure backups in both local and off-site locations, businesses reduce the risk of data loss regardless of the location or cause — including natural disasters, human error and cyberattacks.For instance, if a fire destroyed one of the off-site backup locations, the data would be safe where it was backed up locally and in the remaining off-site location. This empowers your MSP business to quickly and easily restore the data to your clients and minimize downtime for their business.
Building a ransomware incident response plan is critical to streamlining and outlining how your MSP business will respond to ransomware if your clients are attacked. A comprehensive IRP involves ten fundamental steps to help minimise the financial, reputational and operational harm to you and your clients following an attack.
This includes:
- Defining security objectives.
- Establishing a designated incident response team.
- Developing an incident classification framework.
- Outlining how you will detect and identify ransomware threats.
- Containing and remediating the threat.
- Recovering data and restoring it.
- Implementing communication protocols.
- Ensuring legal compliance.
- Documenting and reporting the incident to necessary stakeholders.
- Training and educating your IR team, clients and their employees on your ransomware response plan.
Ransomware prevention as an MSP business boils down to three core themes to better protect your clients: enhancing visibility, taking a zero-trust architecture approach and leveraging AI-based detection.
Endpoint security is vital for businesses, especially as they grow and increase the number of devices connected to their network. To effectively secure your clients’ endpoints, endpoint detection and response (EDR) or endpoint protection platforms (EPPs) are essential to safeguarding IT environments. While EPP focuses on monitoring and managing devices, EDR goes a step further by emphasizing threat detection and response to mitigate cyber risk.
Regular patch management is crucial to address vulnerabilities and reduce the risk of attacks. Automated patch management can streamline this process and ensure compliance and system performance.
Additionally, data backup is essential to counter ransomware attacks — following the 3-2-1 rule of backup to maintain multiple copies of critical data on different storage media.
As an MSP business, you can ensure your clients are holistically protected against ransomware through leveraging the NIST Cybersecurity Framework. The core functions of NIST include Identify, Detect, Protect, Respond and Recover.
The NIST Framework was designed to help organizations enhance their security posture. By ensuring protection layers to address each function, you can close security gaps, mitigate cyber risk and fortify business resilience to clients.
