December 19, 2019
New Ransomware Strain Targeting MSPs
A new strain of ransomware known as Zeppelin is targeting managed service providers (MSPs) and healthcare companies. Zeppelin is a Ransomware-as-a-Service (RaaS) variant similar to a previous strain known as VegaLocker. Like similar variants, Zeppelin is highly configurable and more difficult to detect.
According to reports, attackers are infiltrating MSPs through Remote Desktop servers. Once the ransomware is on the system, it begins to terminate processes associated with backups and mail servers, steals data (in some cases), and encrypts data to hold for ransom.
Recently, we've seen attacks against MSPs increase as cybercriminals are targeting them in hopes to use the MSP's access to deploy ransomware to their customers as well. According to Datto's State of the Channel Ransomware Report, 4 in 5 MSPs agree that they're increasingly becoming targets of ransomware attacks.
In response to the recent increase in ransomware attacks, the FBI released some cyber-defense best practices:
- Regularly back up data and verify its integrity. Ensure backups are not connected to the computers and networks they are backing up. For example, physically store them offline. Backups are critical in ransomware; if you are infected, backups may be the best way to recover your critical data.
- Focus on awareness and training. Since end-users are targeted, employees should be made aware of the threat of ransomware and how it is delivered and trained on information security principles and techniques.
- Patch the operating system, software, and firmware on devices. All endpoints should be patched as vulnerabilities are discovered. This can be made easier through a centralized patch management system.
- Ensure antivirus and anti-malware solutions are set to automatically update and that regular scans are conducted.
Read the full list of their suggestions.
To learn more about the current landscape of ransomware and how you can avoid falling victim, check out Datto's State of the Channel Ransomware Report.