November 16, 2020
MSPs Named As Target By Leading Ransomware Syndicate
MSPs and IT providers, insurance, legal, manufacturing, and agriculture are the top targets for ransomware attacks, according to Advanced Intel LLC, a New York-based threat prevention firm. What’s worse, the future of ransomware is data extraction rather than simply data denial.
According to Advanced Intel, Russian-language tech vlog Russian OSINT recently published an interview with UNKN—a representative of the REvil ransomware syndicate. In the twenty-minute interview, UNKN discusses the future of ransomware, victimology, and attack vectors employed by REvil.
The Future of Ransomware
UNKN says that ransomware will move towards data extraction and not simply data denial. Why? Because businesses fear the consequences of sensitive data leakage and will pay a higher ransom to avoid it. According to UNKN, 33% of victims are willing to pay the ransom in order to prevent the publishing of their files.
Brute-force RDP remains the best attack vector, especially with the BlueGate RDP vulnerability, according to UNKN. REvil predicts there will be a massive increase in the number of RDP attacks and SunCrypt DDoS attacks due to this vulnerability.
Additionally, UNKN claimed REvil exploited a very basic Citrix vulnerability which “could have been prevented by a simple patch” in two of their most successful attacks—against Travelex (January 2020) and Grubman Shire Meiselas & Sacks (May 2020). Though the article does not give specifics about these attacks, it’s worth noting that they likely netted a large sum of money. REvil currently claims an annual ‘revenue’ of $100,000,000 USD a year with a goal of $2 Billion USD.
Ransomware Attack Mitigation
To mitigate ransomware attacks, Advanced Intel offers the following recommendations:
Considering the emphasis REvil puts on RDP brute forcing, complicating remote desktop protocol (RDP) access by employing a robust password policy and multifactor authentication, as well as hardware authentication, can become an effective prevention foundation. REvil often exploits simple vulnerabilities, as they admitted in the case of Travelex. Regular patching and updates can reduce the posed risks.
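Since RDP brute forcing is the vector the interview singles out, a defender also wants to see it happening before a password finally guesses right. The following is an added example, not code from the article or from Advanced Intel: it runs a sliding-window count of failed RDP logons per source address over constructed records shaped like Windows Security events (Event ID 4625 with LogonType 10 is a failed RemoteInteractive/RDP logon). The event field names, the sample addresses and the threshold are assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real log data), sorted by time.
# 4625 = failed logon, 4624 = successful logon; logon_type 10 = RDP, 3 = network (e.g. SMB).
SAMPLE_EVENTS = [
    {"time": "2020-11-16T02:00:01", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.7"},
    {"time": "2020-11-16T02:00:08", "event_id": 4625, "logon_type": 10, "user": "admin",         "src_ip": "203.0.113.7"},
    {"time": "2020-11-16T02:00:15", "event_id": 4625, "logon_type": 3,  "user": "admin",         "src_ip": "203.0.113.7"},
    {"time": "2020-11-16T02:00:22", "event_id": 4625, "logon_type": 10, "user": "jsmith",        "src_ip": "198.51.100.9"},
    {"time": "2020-11-16T02:00:30", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.7"},
    {"time": "2020-11-16T02:00:41", "event_id": 4625, "logon_type": 10, "user": "backup",        "src_ip": "203.0.113.7"},
    {"time": "2020-11-16T02:00:55", "event_id": 4624, "logon_type": 10, "user": "jsmith",        "src_ip": "198.51.100.9"},
    {"time": "2020-11-16T02:01:03", "event_id": 4625, "logon_type": 10, "user": "support",       "src_ip": "203.0.113.7"},
    {"time": "2020-11-16T02:01:17", "event_id": 4625, "logon_type": 10, "user": "sysadmin",      "src_ip": "203.0.113.7"},
    {"time": "2020-11-16T03:30:00", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.7"},
]


def rdp_failures(events):
    """Yield (timestamp, src_ip, user) for failed RDP logons only; other logon types
    and successful logons are ignored so SMB noise does not inflate the count."""
    for e in events:
        if e["event_id"] == 4625 and e["logon_type"] == 10:
            yield datetime.fromisoformat(e["time"]), e["src_ip"], e["user"]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: peak_failures} for every source that produced at least
    `threshold` failed RDP logons inside any sliding `window`. Input must be time-sorted."""
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    alerts = {}
    for ts, ip, _user in rdp_failures(events):
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # evict failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[ip] = max(alerts.get(ip, 0), len(q))
    return alerts


if __name__ == "__main__":
    for ip, peak in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"possible RDP brute force from {ip}: {peak} failed logons within 5 minutes")
```

The isolated failure an hour later does not re-trigger the alert because the window has emptied, which is the behaviour you want before feeding this into an automated block or lockout rule.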
Finally, business continuity technology should also be considered an essential piece of an MSP’s ransomware strategy. If an attack does occur, business continuity and disaster recovery (BCDR) solutions like Datto SIRIS enable you to restore client business operations quickly to eliminate costly business downtime.