Ransomware Attacks Target MSPs to Mass-Infect Customers

[LASER_oneXM]

Content source

https://www.bleepingcomputer.com/news/security/ransomware-attacks-target-msps-to-mass-infect-customers/

Ransomware distributors have started to target managed service providers (MSPs) in order to mass-infect all of their clients in a single attack. Recent reports indicate that multiple MSPs have been hacked recently, which has led to hundreds, if not thousands, of clients being infected with the GandCrab Ransomware.

With the mass distribution of ransomware increasingly becoming more difficult through methods such a spam, attackers are coming up with more creative ways to infect their victims. This includes hacking into RDP, teaming up with criminal download monetization companies, renting the services of botnet operators, and now attacking MSPs.

A managed service provider is a company who remotely manages and supports the IT infrastructure and technical support for their clients. One of the benefits of an MSP is that they monitor their client's networks and proactively fix problems that they discover.

In order to perform this type of support, though, MSPs utilize software that allows them to remotely access their client's networks and the computer and push out new updates, install applications, or apply fixes. Ransomware distributors are beginning to leverage this model by hacking into an MSP and then using their backend to distribute ransomware, and potentially other malware, to all of the MSP's clients.