2016 could be the year of ransomware, and MSPs need to be prepared to help their customers face this malware threat. According to a recent report from Intel Corp’s McAfee Labs, the number of ransomware attacks is expected to grow in 2016, and that could create costly problems for SMBs.
Ransomware is a type of malware that allows a hacker to encrypt files on an infected computer and then demand a ransom be paid in order to decrypt the data. Often, users have no other option than to pay the ransom, which can range anywhere from $200 to $10,000. According to the FBI’s Internet Crime Complaint Center, victims of CryptoWall – one of the most prevalent forms of ransomware – reported more than $18 million in losses between April 2014 and June 2015.
Small businesses are particularly vulnerable to ransomware. According to the Verizon 2015 Data Breach Investigations Report, 23 percent of SMBs that receive phishing emails open them, and 11 percent click on the attachment. That’s why it’s critical for MSPs to educate their small business customers about ransomware and stay up to date on the latest threats.
Here are four points that are important for MSPs to keep in mind about ransomware.
1. Users are the final line of defense
Even if you have all the right technical safeguards (such as antivirus software, spam filters and firewalls) in place on a customer’s system, they can still fall victim to ransomware. All it takes is one person who unwittingly clicks on a suspicious link or opens the wrong attachment, and a whole system could be infected.
To help combat this, you need to teach customers about what ransomware is, how it can hurt their business and the warning signs they should watch out for. For example, CryptoWall is often spread using files named HELP_DECRYPT in .txt, .html, .url and .png file formats. Try bringing pizza to a customer’s office and getting all the employees together for a lunch-and-learn about ransomware, or offer to provide cyber security training on an ongoing basis as an added service.
2. Seeing is believing
One of the most effective ways to teach customers about ransomware is to show them real examples so they know what an infected email looks like. You can find a number of helpful online quizzes, such as this one from McAfee, that provide a variety of examples and explanations about how to tell the difference.
After a computer is infected with ransomware, a message will be displayed alerting the users and providing instructions on how to pay the ransom. You should show your customers some examples of what these screens look like so they can let you know immediately if they do fall victim to ransomware.
3. Backup supports faster recovery
If a customer is hit with ransomware, having a recent backup will make it easy for you to restore their operations as quickly and painlessly as possible, saving time and money for both you and your customer. For that reason, having a backup solution in place and regularly testing backups to make sure they’re running properly is a critical part of protecting your small business customers from ransomware. If a customer doesn’t have access to a recent backup, they’ll likely have no choice but to pay the ransom.
4. Ransomware is always evolving
Malware developers are constantly introducing new and improved ransomware strains, creating new challenges for MSPs. For example, CryptoWall 4.0 was unleashed in November, adding twists such as encrypting filenames as well as the files themselves, making it nearly impossible to tell files apart. To stay up to date on the latest ransomware news threats, MSPs should follow sites such as Bleeping Computer or the Microsoft Malware Protection Center.
By Chris Crellin, Senior Director of Product Management for Intronis
Senior Director of Product Management Chris Crellin leads product strategy and management for Intronis. Over the past 15 years, Chris has developed a strong record of successfully developing product strategy and driving execution from concept to delivery. Chris joined Intronis from Backupify/Datto, Inc., where he was responsible for product strategy and execution of their cloud backup SaaS portfolio. Prior to Datto, he spent 14 years with RSA, the Security Division of EMC. He was the lead product manager for the RSA SecurID portfolio after having started his career as a software engineer.
Learn more about how to create a competitive advantage and how the top MSPs operate with this free whitepaper.
