This LikedIn Live episode was original posted at LinkedIn on march 7:th 2023
We've probably all seen in the news that MSP in Denmark newly got hit by ransomware attacks. Some of them is going out of business because as a result of the attack. It's crucial for MSP's that they are making sure that they are well protected because they are hosting other companies data and they are actually getting more and more frequently targeted by hackers because because of the amount of data they have and the importancy.
It requires more than one product. It's a whole approach and that is unfortunately sometimes overlooked when we are promoting the next greatest defense mechanism or whatever. But without the procedures and processes and people solutions can only take you that far.
It's always the people and that that that's not something we can fix. But we can plan around those possible failures and that's that's actually the best defenses we can do. Plan for what happens when the worst worst thing occurs.
This has become a whole industry since it started back in the 2012 - 2011. It used to be like developed by one hacker. It usually was oriented for people's laptops and capture the pictures and other stuff. But over the years, this has gone from being a kind of a private endeavor to a whole business where you have a producer of ransomware code, there's supply chain, there's resellers, partners, and then there are end users and everybody gets a cut. And this is all operated in nations where they are harbored by by the authority.
So what you're actually saying is that you can actually buy ransomware as a service on the Internet without having any technical knowledge, and then start planning some attacks. For €50 a month you can get a great ransomware product. Not only that, you get 24/7 support, you get manuals, you get like examples of how to use a product and if there's any problem with it, you can call someone and they will provide you with support.
The trends we've seen so far is that the attacks are increasing, and they are much more sophisticated than they were 5-6 years ago.
One of the first things attackers do is to make sure that they have destroyed your backups. Tansomware is quite very aggressive software and it just turns everything into encrypted in a matter of minutes and that process usually corrupts databases and applications. So when they destroy the backups they don't usually encrypt the backups due to the time it takes, so they just erase it.
So even if you pay (which 40% of of people do) apparently you never get a complete recovery because the the ransomware have already corrupted or destroyed your data. Sad but often true.
Attackers always searching for a victim with alow reputated company. The kind of security hygiene that you present to the public, that really matters because that is what the attackers use when they pick their victims. It makes no sense for a attacker to attack a difficult target when they can take a very easy one, with much lower effort. So if a company has poorly patched web servers, the chances are that the interior stuff is also poorly managed. And voila! You're under attack!
Your internet reputation is very important!