Understanding Ransomware in 2023: How to Protect Your Clients Against Attacks


Even as the number of ransomware attacks drops, the impact and expense of those threats are rising for businesses worldwide.

Ransomware remains the number one cybersecurity threat for large and medium businesses. But now, even smaller organizations can expect to face ransomware attacks as ransomware-as-a-service (RaaS) becomes more prevalent. RaaS has made launching malware attacks easy and affordable, even for unskilled cybercriminals, which makes ransomware an even bigger concern in 2023.

As supply chain attacks balloon by 663%, MSPs are particularly at risk. A single malware attack on an MSP can give a cybercriminal access to multiple clients’ systems and data. And considering nearly 70% of malware attacks include ransomware, attacking an MSP can create a costly ripple effect, where cybercriminals can demand ransom payments from a business and all its clients.

Cybercrime isn’t disappearing anytime soon, so MSPs must be ready for ransomware attacks at any moment. Here’s what MSP leaders need to know about ransomware prevention in 2023.

Who is at risk of a ransomware attack?

In the past, cybercriminals often had a specific target in mind when they deployed a malware attack.

Since reselling personally identifiable information (PII) was a primary driver for data breaches, cybercriminals wanted to steal either huge volumes of PII or data with a higher resale value, like medical records and financial information. This meant experienced cybercriminals frequently targeted large organizations with extensive databases of valuable PII, like financial and medical organizations in developed countries.

Now, the rise of ransomware has made cyberattacks both more profitable and more prevalent. Companies of all sizes and in every industry are at risk of a ransomware attack, because criminals can profit simply from encrypting the company’s data and demanding a ransom payment to restore it. Some cybercriminals benefit even more from double extortion ransomware attacks, where they collect a ransom payment and resell company data on the dark web to maximize their profits.

The risk of an attack is even higher as RaaS becomes more popular. RaaS makes it easy and affordable for cybercriminals who lack technical skills to profit from ransomware attacks. Plus, since cybercrime gangs often charge higher rates to attack companies based in developed countries, many RaaS users are choosing to target emerging markets instead.

Given the possibility of huge payouts, it’s no wonder that cybercriminals use ransomware to steal 10 TB of data every month.

Ransomware runs rampant in supply chains

The global supply chain plays an important role in the growing risk of ransomware.

Most companies work with hundreds, if not thousands, of third-party service providers and vendors — including the MSPs that manage their cybersecurity. Vendors have an obligation to their clients to maintain their applications, patch their systems, and maintain a strong security posture. However, just one insecure endpoint is all a cybercriminal needs to inject malicious software into a network or application and expose both the company and its clients to a cyberattack.

Since MSPs manage their clients’ security, they have a unique responsibility to protect their IT infrastructure from malware. An attacker who gains unauthorized access to an MSP’s network can easily gain access to their clients’ IT infrastructures too. Then, both the MSP and their clients are open to malware attacks with ransom demands.

For instance, the attackers behind a 2021 ransomware attack on MSP software vendor Kaseya demanded a $70 million ransom payment to restore data for up to 70 of Kaseya’s clients. However, since the software housed data for each MSP’s respective customers, the attack encrypted data for up to 1,500 businesses across at least 17 countries.

Cybercrime-as-a-service makes ransomware accessible

Cybercrime gangs have found even more opportunities to profit off their ransomware by offering ransomware as a service.

RaaS makes it simple for anyone to lease expert ransomware tools, buy step-by-step DIY kits to build and deploy ransomware attacks, or hire a cybercrime group to deploy ransomware. Malicious ransomware source code is available for as little as $39, making RaaS accessible and affordable for budding cybercriminals.

Many cybercrime gangs use a subscription affiliate model with profit sharing to collect RaaS profits on an ongoing basis. In these instances, a cybercriminal pays a monthly fee to access ransomware tools, code, and deployment support: everything they need to launch a successful cyberattack. Every time a cybercriminal deploys the gang’s malicious code and retrieves a ransom, the gang automatically takes a percentage of the collected ransom payment.

This model may be part of the reason smaller companies and organizations in emerging countries are more at risk for ransomware. While attacking these companies normally isn't profitable for large cybercrime groups, these organizations have become vulnerable targets for a new generation of cybercriminals looking to make a profit. And while deploying these attacks costs so little, ransomware attacks often cost companies millions in ransom payments, remediation costs, compliance fines, and lost business.

Ways criminals spread ransomware

Cybercriminals often use a combination of tactics to access IT infrastructure and inject malicious ransomware. While some may deploy ransomware attacks hoping to find a zero-day vulnerability, others use different methods to detect vulnerabilities and gain credentials to increase their chances of success.

For instance, phishing attacks — arguably the most common way to steal credentials or share malicious URLs — rose 120% in Q3 of 2022. Stolen credentials are consistently the leading cause of breaches, so it’s common for cyberattackers to launch phishing attacks and gain access to an IT environment before deploying ransomware.

Since many MSPs maintain access permissions for their customers’ systems, cybercriminals often target MSPs to gain access to their clients and deploy even more ransomware.

Knowing cybersecurity trends is only half the battle

Cybercriminals always seem to be one step ahead, ready to exploit vulnerabilities as soon as they’re discovered. Learning about cybersecurity trends like ransomware-as-a-service is crucial to keep up, but knowing what to expect is only half the battle. Defending your clients against ransomware is even more important.

MSPs need the right tools to keep their clients secure and combat ransomware attacks.

Acronis Active Protection is specifically designed to detect and protect against ransomware. Our anti-ransomware technology uses behavior-based heuristics and AI-driven anomaly analysis to recognize and detect suspicious activity and to block even zero-day threats. If malicious code slips in, our built-in automatic ransomware recovery ensures you get your data back in a matter of seconds.

Acronis Active Protection comes standard with our Acronis Cyber Protect Cloud solution, an integrated solution built to simplify cybersecurity management for MSPs. Ready to see how easy cybersecurity can be? Sign up today for your free trial of Acronis Cyber Protect Cloud.

This guest blog is courtesy of Acronis. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.