/>
X

At least 13 managed service providers were used to push ransomware this year

Once hackers compromise an MSP's network, they can use its remote access tools to deploy ransomware to hundreds of companies and thousands of computers.
catalin-cimpanu.jpg
Written by Catalin Cimpanu on

A new report published this week by threat intelligence firm Armor puts the number of managed service providers (MSPs) that got hit with ransomware this year at 13, possibly more.

For those unfamiliar with the term, a managed service provider is a company that manages a customer's IT infrastructure using remote administration tools.

MSPs have been around since the 90s, with the dawn of large computer fleets; however, they've been catching on with more and more companies in recent years.

By hiring an MSP, a company can cut costs by ditching classic system administrator roles, and outsource all IT (server and/or desktop) maintenance to a remote team of highly-trained professionals for a fraction of the cost, usually billed on a monthly subscription basis.

Using an MSP typically involves installing the MSP's software that provides its staff with remote access to a company's resources. However, this very same software can also be a curse.

Starting this year, ransomware gangs have realized that they could compromise the network of an MSP, and then use their remote access tools to deploy ransomware on the MSP's customer networks, infecting hundreds of companies and thousands of computers, all at once, with the push of a few buttons.

The trend had been noticeable to keen infosec observers. ZDNet reported on some of these MSP-based ransomware incidents when they first happened, in February, June, July, and August.

However, in a report published this week, Armor took a deeper look at the entire MSP ecosystem and unearthed several other incidents. In total, the company found 13, but many more could be unreported. See the list below:

MSP

Ransomware

Date

Vertical

Apex Human Capital Management

Unknown

February

Payroll services

CloudJumper

Ryuk

May 19

IT services

IT By Design

Unknown

June

IT services

MetroList

Unknown

June

Real estate brokers

CorVel

Ryuk

July

Work & healthcare

PM Consultants

Unknown

July

Dental services

iNSYNQ

Unknown

July 16

Accounting

TSM Consulting

REvil

August 18

IT services

PerCSoft

Ryuk

August 28

Schools and colleges

SCHOOLinSITES

Unknown

September 23

Dental services

TrialWorks

Unknown

October 14

Lawfirms

Unnamed MSP

Unknown

October 14

Healthcare

BillTrust

BitPaymer

October 23

Invoicing and billing

Besides MSPs, ransomware gangs have also gone after a wide variety of targets this year, focusing on the US in particular. Previous Armor reports found that ransomware gangs encrypted files and crippled operations at more than 500 US schools and almost 80 US municipalities this year alone.

Related

Get a tiny, versatile, powerfully bright light for just $18
replace-this-image.jpg

Get a tiny, versatile, powerfully bright light for just $18

Deals
Learn ASL in 29 hours of highly-rated self-paced training for only $35
replace-this-image.jpg

Learn ASL in 29 hours of highly-rated self-paced training for only $35

Deals
Donate to kids in need by purchasing this 10TB cloud storage drive for 96% off
replace-this-image.jpg

Donate to kids in need by purchasing this 10TB cloud storage drive for 96% off

Deals