Service Providers Don't Always Protect Against Ransomware
By: Kayla Matthews on January 1, 2020
Service providers are just as vulnerable to ransomware attacks as any other industry vertical on the map. However, when service providers do not have the proper security protocols in place to avoid being a victim of ransomware, not only does their brand go down, but so do their customers – even their customer’s customers.
Unfortunately, service provider attacks are not isolated incidents. Here's a look at why service providers must view ransomware as a real risk and prepare to defend against it.
The Latest in a Trend of Service Provider Ransomware Attacks
Ransomware attacks against service providers are on the rise. News broke in early January 2019 of a Christmas Eve ransomware attack on a company that gave customers data center services, as well as other offerings, including software hosting and cloud computing assistance. In that case, the hackers gained access to the network with compromised login credentials and proceeded to wreak havoc with Ryuk ransomware that locked out authorized users.
In another instance that happened later in the year, a service provider specializing in technology for nursing homes that enables facilities to pay employees, order medication and more dealt with ransomware that affected about 20% of its servers, requiring 100 of them to get rebuilt.
Regarding healthcare, as well as other sectors, the Internet of Things (IoT) has only increased the amount of data collected, plus necessitated keeping it secure. The cybercriminals demanded a $14 million ransom to have the nursing home data restored. Those behind the attack likely understood the information's value.
The parties orchestrating ransomware attacks like to capitalize on urgency to make victims pay up or otherwise take actions that give the hackers what they want. You only need to consider the recent example of an internet service provider (ISP) in Florida. The attack took the company's website down, leaving customers — small business owners among them — having no choice but to call a landline number and hear a voicemail explanation of the problem.
Why Are Service Providers Unprepared for Ransomware?
Ransomware attacks are not new, but service provider representatives did not always need to treat them as a top concern. As ransomware attacks evolve, so do the entities attacked. One of the reasons why service providers are so appealing to hackers is that they give the chance to cause damage on a massive scale. Gone are the days when one person might download a file infected with ransomware and only affect their machine.
Ransomware can strike all industries. That means no service provider should consider itself immune including IaaS, MSPs, SaaS, and PaaS. The challenging part is that each service provider has a unique cybersecurity budget. There's no way to know for sure how much a given company invests in the necessity of stopping ransomware from taking hold.
Another reason for lack of preparedness from service providers is that a company many underestimate the impacts ransomware could have on its operations. For example, local governments often hire service providers that use the same software and applications for all customers. You can see, then, how cybercriminals could compromise systems in numerous states with a single kind of ransomware.
Tips for Ransomware Prevention
Given these new developments, what can you do? An excellent starting point is to remain educated about other problems that could affect service providers. If you're hiring a service provider, find out what measures they have in place to stay safe from hackers' attempts.
Or, if you are a service provider, treat ransomware protection as one arm of a dedicated cybersecurity defense. One worthy option is to invest in a specialized cybersecurity offering like vX\defend. It offers built-in protection against distributed denial of service (DDoS) attacks. Since this option can block the attacks before they cause problems, it helps you take a proactive measure.
Regarding ransomware specifically, it's best to keep all systems patched and use analytics to detect unusual network traffic. Whitelisting can also be useful by restricting particular processes and applications running on the servers.
Service providers also need to have a complete data backup plan consisting of both local and cloud-based backups. If a service provider has the option to roll back to a software version unaffected by ransomware, it can keep business running.
Planning Can Prevent Catastrophes
It's foolish to assume a service provider is more protected from ransomware attacks than other verticals. After all, the examples here prove that mindset wrong.
Understanding the risks and implementing mitigation strategies are two ideal ways to stay safe from problems similar to the recent attack that targeted service providers and the others mentioned here.
About Kayla Matthews
Kayla Matthews writes about data centers and big data for several industry publications, including The Data Center Journal, Data Center Frontier and insideBIGDATA. To read more posts from Kayla, you can follower her personal tech blog at ProductivityBytes.com.