MSP Disaster Recovery Attempts That Failed 2024


High-profile MSP disaster recovery attempts that failed is the uplifting topic of today’s article. There are people out there with happy lives who sit by lakes eating noodle salads, just nobody in this article.

Were you aware that 2 out of 3 midsized companies were affected by ransomware in the last 18 months? Or that 93% of businesses that lose access to their information for more than 11 days go bankrupt within one year?

So strap yourself into that favorite chair of yours and let the overwhelming feeling of thankfulness wash over you that you are not one of the following organizations involved in the listed MSP horror stories.


Failed MSP Disaster Recovery Attempts

The definition of a failed disaster recovery attempt is any incident where any amount of data could not be recovered. It does not mean that 100% of the data was unrecoverable; the examples below involve anywhere from 1% up to 100% data loss.

Disaster recovery attempts that failed in my book are any incidents where the company suffers significant damage, even if the actual recovery attempt is eventually successful. If the data recovery component of a disaster recovery strategy is 100% effective, yet it took 15 days to recover all of the information, then that cannot be considered successful.

Even so-called data recovery specialists often take an upfront payment before negotiating a payment of ransom in the case of ransomware infections. Sometimes there is an unhealthy relationship between hackers that infect with ransomware and security companies that offer to decrypt the information.

A small silver lining is that many of the companies hit are still running today. The list of MSP failures below should certainly prompt even the most live-on-the-edge, risk-everything MSP out there to invest in the best data breach recovery coverage they possibly can.

Threats are attacking MSPs on all sides these days, and often the biggest defense is similar to the old club lock they used to use on cars: the thieves will just move on to another vehicle.

The problem comes, of course, when you put a club lock on something like a Ferrari and the thief wants that vehicle. This analogy holds true with service providers: if the hacker wants your information, very little is going to stop them.

That is where cyber insurance coverage will come into play. So let's now take a look at some of the horrifying MSP stories so that we can both learn from them as well as entertain ourselves.

Revolut - 2022

Revolut is a tech company involved in financial services: a third-party services organization to banks, if you will, as well as a provider of consumer-based products such as credit cards and travel products.

It has been reported they lost 20 million dollars over a period of 3 to 6 months due to a flaw in its payment system.

I hold no judgments; however, Revolut uses automatic account banning while simultaneously not having enough staff to unban accounts, sometimes for months. I am not saying a company that engages in this type of behavior deserves to be targeted; actually, that probably is what I am saying.

Any company that uses KYC as a cover to profit from freezing accounts to earn large sums of interest-free cash, while decent clients who have done nothing wrong are locked out of their accounts for up to 6 months without any notice or communication, deserves to be driven into the ground in my book.

Couple that with shady employment practices and exceptionally high staff turnover and it sounds exactly like a business that, well, does not deserve to be in business.

MOVEit - 2024

This company forces me to think of that little monkey thing in the movie Ice Age and the “I like to move it, move it” song. Apologies if I have caused an earworm. This data breach, like many tech organization data breaches, is like the head of Medusa: you cut the head of one snake off and another 2 appear.

MOVEit is software designed by Ipswitch that, ironically, encrypts files. Now their customers had customers of their own, who had customers of their own, etc., so you can see how, as quick as a flash, over 600 organizations were impacted by this one security event.

I consider this more of a trojan horse event, where a small file encryption application used by a large number of organizations is compromised and then, at some point once it is safely embedded, the Cl0p vermin activates at will. The number of impacted people is around the 40 million mark.

This is definitely a slow burn intrusion of which the impact has not been completely figured out as yet.

TSM Consulting - 2019

Printers automatically burst to life with ransom demands within 22 government organizations in Texas after an MSP called TSM Consulting was hit by a ransomware demand using the ConnectWise Control application to encrypt squadrillions of bytes of client data.

Residents were unable to pay their council rates, local government could not pay bills, even police departments were frozen out of vital records during this time.

TSM contracted the services of a security related organization called MonsterCloud which has a reputation for often paying ransoms. Is this a failed disaster recovery if you have to pay the ransom? I will let you determine that.

Another US company, Florida-based MonsterCloud, also professes to use its own data recovery methods but instead pays ransoms, sometimes without informing victims such as local law enforcement agencies, ProPublica has found.

Travelex - 2019

This is a company most of us have either heard of or used. In 2019, Travelex was impacted by the REvil ransomware and was offline for 2 weeks, which caused the collapse of the organization, including the loss of 1000 jobs.

To be fair, COVID-19 probably did not help either; however, the ransomware was still the contributing factor in the organization's demise and subsequent restructure and new ownership.

Over 5GB of user information was encrypted and the hackers demanded around 6 million big ones for its restoration. They ended up negotiating the ransom down to about 2.3 million dollars.

United Structures of America Inc - 2019

Another horrendous attack which wiped out all areas of data including CNC machinery files, current order information as well as customer information.

This is another organization that has been forced into bankruptcy by a ransomware attack. Even with an electronic data protection policy, the best plan in the world is not going to save a company that has every type of data encrypted.

You know what is worse? They paid the ransom and the scoundrels either did not hand over the decryption tools or they did not work and so the business had no choice but to wind down operations.

This event demonstrates that preparation against security attacks is as important as good insurance.

Noteworthy Mentions

Shein, a fashion brand that came to light during the pandemic, was fined 1.9 million smackers recently due to a data breach that occurred back in 2018. The reason for the fine? They chose not to disclose that a breach occurred. A drop in the ocean perhaps, but it still shows that if you ignore data breach protocols, you will likely get found out.

Nelnet Servicing had 2.5 million users' confidential information leaked due to a vulnerability in their systems.

Twitter, as it was known then, or X, saw 5.4 million accounts stolen and held to ransom for a quite reasonable $30,000 by all accounts. I suspect the fine for failing to disclose the data breach will be far higher than the actual ransom demand.

Conclusion

If you have a large enough target on your head then you will be hit by ransomware at some point. It is not enough to sit back and expect your cyberinsurance to do the heavy lifting. It is quite likely that their payout will be both conditional and limited depending on the countermeasures you previously put in place.

It also shows that, as MSPs, we are in a position to cause significant levels of catastrophic damage to our clients if our own systems are compromised. That means using best-in-class security applications, ensuring that you at least offer the absolute best possible security measures to your clients, and keeping on top of security patching and updates.

Above all though, and this is probably the hardest thing to do, try to remain under the radar as much as possible. Pretty tough to do if you have high-profile clients, I know, but if you can make sure that you are the least attractive option then they will move on to another target.

By all means, go to the dance, just perhaps forget the makeup and high heels.
