Most Devastating Ransomware Attacks on MSPs Revealed 2024
Ransomware attacks that originated from the MSP will be today's topic of discussion. It is an obvious play by the shifty cretins who operate in dark corners, high on intelligence and low on morals, to target managed service providers.
I want to discuss my bulletproof plan for eliminating the scourge of ransomware and the impact it is having on hardworking business people in the United States.
MSPs are the equivalent of the transistors used in the CPU that runs your workstations: they are the gate that controls a much larger flow. MSPs do exactly that; no matter how small we are, it is known that we hold the keys to many castles.
With the advent of documentation platforms like IT Glue and Hudu, and the intent of most to put all information and technical documentation into one easy-to-reach data store, we have become a target that holds a good payday for the hackers.
The following instances highlight interesting ransomware intrusions and, where possible, I will mention whether they paid the ransom and give the MSP a doug score on the way it handled things.
Elimination Of Ransomware Threats
I am of two minds on how service providers should handle the threat of ransomware. This is going to be a very contentious view. My belief is that ransomware can be eliminated overnight but it has to be implemented at a federal government level and some business owners would need to be sacrificed for the greater good.
Prepare to be outraged by my unofficial recommendations on how countries and/or states could eliminate ransomware with a few simple steps. While harsh, I put it into perspective with other world events where there are individuals around the planet, and in fact entire countries, who are intentionally trying to eliminate other human beings for nothing more than a line on a map. When you think of my proposed solution, try and look at it with that sort of perspective.
Federal Government Regulation On Ransomware
The federal government needs to call an emergency special meeting and ratify a unanimous amendment that makes ransom payouts a federal crime with a mandatory 15-year prison sentence for anyone involved in paying out ransoms to criminal organizations.
There will be a few sacrifices early on that will test the boundaries of this new law and they unfortunately will be sent to the slammer without television privileges. We will weep for them (in the press of course) and down the line, I am talking way down the line, we could look at pardoning them.
This is not about destroying people here; it is about demonstrating to these filthy vermin that are currently operating with impunity that the US will not sanction their buffoonery. Once the message has been delivered and the hackers stop attacking US-based companies, then under the cover of darkness, those imprisoned can be quietly released.
People stop actions that do not pay off. Ransomware in the United States would drop off a cliff once word is out that ransoms do not get paid. The moment they realize that fat sweaty wads of untraceable cash will not be forthcoming, they will move elsewhere to places like Canada or the UK.
Eliminate Uncontrolled Crypto Currency
You thought you hated my idea before? Well, brace yourselves. Trust me, I do not like this idea either. The fact I can move large sums of untraceable currency across international lines in the form of Bitcoin or Monero certainly makes me feel more comfortable with the idea that if society breaks down and anarchy reigns, I can still remain under the radar and no government can hunt me down and take my stuff.
Only it does not work that way, does it? Honest people who use cryptocurrency create a paper trail big enough for a 747 to follow in a snowstorm at Christmas. You have to purchase crypto somehow, right? Even if you hide every single clue about your crypto transactions, you still have to purchase the crypto like most normal people by paying someone to do the exchange.
At the very least you will have a matching amount transferred from your bank account moving to AJSing LLC, who just so happens to run a mildly successful local bitcoin account.
The IRS knows what he does, the government knows what he does, and if it benefits them, you can mark my words: it will take them all of about 5 seconds to match up his incoming transactions with your bank.
So no, even with Monero, which is the most technically anonymous cryptocurrency, if the government or law enforcement has a need to demonstrate you have cryptocurrency, they will do it with a speed you cannot believe is possible.
The only reason your discreet purchase of some dusty showbiz for New Year's Eve goes unnoticed is because it would be a waste of time for the government to pursue it.
So cryptocurrency benefits a couple of groups of people. The first is nerds who profited initially from its astronomical rise. I myself tried buying $500 worth of bitcoin in 2010 when it was around 18 cents each. Unfortunately my Visa card prevented me from making the transaction and after about 2 hours I gave up.
The other is organized crime. Give me a single reason beyond speculation why crypto currency exists? The only reason it exists is so that organized crime can operate easily across international borders.
Unlike honest individuals, their operations require taking that extra step of anonymizing transactions so that it is impossible to link up large transactions with an individual.
They have multiple temporary fake bank accounts where they can do a transaction and then disappear with the crypto. Crypto is always traceable, every transaction I have ever made using crypto currency is available online for anyone to see. As long as cryptocurrency remains anonymous and cannot be tied to an identity, that is where its power as a tool for criminal activities resides.
Cryptocurrencies and Blockchain Are Here To Stay
Just like artificial intelligence, cryptocurrency is not going anywhere. What I am suggesting, though, is that we need to accept a slight decrease in our illusion of freedom in exchange for the ability to eliminate a tool that gives organized crime the free-flowing, unbridled ability to swindle honest managed service providers out of their rightful income.
My suggestion is that governments absolutely need to take control of cryptocurrency. Create a digital US dollar or a global universal measure of currency pegged to the US dollar.
Require the identity of an individual to be tied to a transaction and ensure that each US citizen receives one cryptocurrency account when they reach 18 and it should be treated like the bank accounts we use now only with higher security measures.
Buy back Bitcoin and Monero in exchange for the digital dollar at say 80% of its face value for US citizens with an amnesty on any criminal charges for unpaid taxes on profits and tax them at the moment of conversion. That should pretty much be a net zero initiative.
It is the matching of cryptocurrency transactions to identities that would be the death sentence for organized crime. Could they have ways around it? Sure, I mean people create fake bank accounts all the time and there are very creative criminals out there who will sometimes circumvent the checks and balances in place. However, what it will do is eliminate the current situation of criminals holding business to ransom at will and with impunity.
The current situation is untenable and is rapidly getting worse. Hell, if they do not sort things out soon, even I would be tempted to purchase an off-the-shelf ransomware program from the darknet for a few dollars and modify it slightly.
Cyber Insurance Companies Need To Act
You think criminal organizations are targeting MSPs? That would be wrong. They are targeting the insurance companies of MSPs. In an ironic twist, spending significant sums on a good cyber insurance policy increases the risk you will be targeted by coordinated and premeditated ransomware attacks.
That is why it is imperative for insurance companies to stop offering cover for ransom payments.
Insurance companies are normally the first to the party when there is a dollar to be made. As things stand now, they are charging massive amounts of money for a digital risk protection plan that includes ransomware cover.
You would think they are loving the current era, making fat wads of cash in the form of monthly or annual policy renewals, and yet that is not the case.
Many of the top 20 insurance companies are making a loss on information technology insurance even with sky-high premiums and, as a result, many are flat out no longer offering insurance to MSPs.
Why? This is a perfect opportunity for insurance companies to get together as a united front and decide that no insurance company from this point forward will pay out ransoms.
Again, there will be a few casualties here, but this strategy will see the United States become a fortress of solitude whereby ransoms will no longer be an issue in the US.
Insurance policies will go back to a reasonable level and they can go back to covering ordinary unexpected events. I mean, there are enough risks associated with the services MSPs provide, such as the risk of negligence with client backups.
Force Client Cyber Insurance
This may not directly impact the ransomware epidemic MSPs currently face; however, I think it would certainly reduce the massive pressure and risk service providers currently suffer from.
It is a simple solution and that is to make cyber liability protection a mandatory requirement for any client that wants to sign on to your managed services agreement.
Worldwide Rollout Of My Ransomware Elimination Plan
Once it is determined that my ransomware elimination plan works in the US and a polite amount of time has passed since I accepted my many awards and gave my speeches on what it is like becoming a hero for many, even if I shy away from that word regardless of its appropriateness (and it is appropriate), the plan would be to call the United Nations to a mandatory meeting where I would give a quick PowerPoint demonstration on how successful the above plan has been and then require a unanimous approval of a ratified treaty eliminating ransomware globally using my proven successful 5-point plan above.
Once this is all in place globally, I would put into place an official membership fee of a modest $3 million per annum for each country that wants to remain under the umbrella of the ransomware protection framework I have put in place, payable in Monero to one of my active crypto accounts.
They would have an ample 14 day window to transfer funds before I would place that country's name onto a list that can be accessed for a premium by anyone willing to pay the yearly 500K membership fee. The list would be always up to date with any country that is currently in an unprotected state.
Examples Of Ransomware Attacks Involving MSPs
So now that I have outlined my bulletproof plan for eliminating the scourge of global ransomware, I would like to give a few examples of recent ransomware incidents specifically targeting MSPs for your reading pleasure.
Kaseya Ransomware Incident
Kaseya VSA was the biggest and baddest ransomware incident that affected a large number of MSPs and is highlighted in its own section because of the impact it had on the MSP sector. It was a supply chain ransomware attack which affected about 1600 businesses.
There was an authentication vulnerability in Kaseya’s VSA. Because the VSA is given about the highest level of trust a piece of software can be given, basically the keys to the castle, it proved a very effective attack.
While Kaseya did not confirm whether the ransom demand was paid, they did receive a decryption key, which demonstrates they likely paid the $70 million ransom. This of course means the organizations that engage in these nefarious activities are cashed up and can afford the best technical talent on the planet along with all the tools needed to take on their next big project.
This particular attack had Russian origins. Even though the president had a phone call with the Russian president, no action from their government was forthcoming and the US had to take steps to take the REvil servers offline. In actual fact there are known ties between the Russian government and Russian-based hacker groups.
Ransomware Events 2024 Among Technology Companies
Below is a table listing the major ransomware events which involved MSPs. The total cost does not take into account the cyber insurance policy, so it should be assumed that these amounts are likely covered either all or in part by the policy.
MSP | Country | Ransomware | Date | Ransom Paid | Total Cost |
---|---|---|---|---|---|
Rapattoni | USA | Unknown | 08/08/2024 | Ongoing | Ongoing |
Xplain | Switzerland | Play | 06/04/2024 | NO | Unknown |
Casepoint | USA | BlackCat | 05/30/2024 | Unknown | At Least $5 Million |
MOVEit | USA | The Clop | 05/27/2024 | Not Directly | $100 Million |
Dragos | USA | Unnamed | 05/08/2024 | NO | $1 Million |
Constellation Software | Canada | BlackCat | 05/04/2024 | Unknown | $25 Million |
AvidXchange | USA | RansomHouse | 05/02/2024 | YES | At Least $5 Million |
Bitmark | Germany | Unknown | 05/01/2024 | YES | At Least $8 Million |
Incredible Technologies | USA | Dunghill Leak | 04/28/2024 | YES | At Least $7 Million |
NationsBenefits | USA | The Clop | 04/19/2024 | YES | At Least $7 Million |
Valid Certificadora | Brazil | CrossLock | 04/16/2024 | NO | At Least $2 Million |
Western Digital | USA | Alphv | 03/26/2024 | NO | At Least $10 Million |
Evide | United Kingdom | Unknown | 03/20/2024 | NO | At Least $1 Million |
Rubrik | USA | The Clop | 03/15/2024 | NO | $2 Million |
Karmak | USA | Unknown | 02/14/2024 | NO | At Least $5 Million |
Fortra | USA | The Clop | 02/08/2024 | Unknown | At Least $1 Million |
A10 Networks | USA | Play | 01/23/2024 | NO | At Least $5 Million |
Conclusion
I think we can all agree that something needs to happen with the number of damaging ransomware attacks that occur daily now. I may have written this article sprinkled in with a bit of humor; however, until the government steps in and puts some type of regulation in place around how ransoms are handled, and insurance companies stop offering to pay ransoms, it will continue indefinitely.
We already have a precedent that demonstrates what happens when ransoms stop being paid. I was a bit young at the time; however, during the late 60s and early 70s there was an epidemic of hijacking taking place specifically to extract ransoms from various governments.
It was a weekly occurrence at one stage until the US government made the decision not to negotiate with terrorists and to never pay ransoms. Overnight, the hijacking of airplanes disappeared.
The same strategy needs to be implemented so that we can put an end to these damaging ransomware attacks that impede the ability of technology-based companies to do business.