At least 13 managed service providers were used to push ransomware this year

Once hackers compromise an MSP's network, they can use its remote access tools to deploy ransomware to hundreds of companies and thousands of computers.

A new report published this week by threat intelligence firm Armor puts the number of managed service providers (MSPs) that got hit with ransomware this year at 13, possibly more.

For those unfamiliar with the term, a managed service provider is a company that manages a customer's IT infrastructure using remote administration tools.

MSPs have been around since the 90s, with the dawn of large computer fleets; however, they've been catching on with more and more companies in recent years.

By hiring an MSP, a company can cut costs by ditching classic system administrator roles, and outsource all IT (server and/or desktop) maintenance to a remote team of highly-trained professionals for a fraction of the cost, usually billed on a monthly subscription basis.

Using an MSP typically involves installing the MSP's software that provides its staff with remote access to a company's resources. However, this very same software can also be a curse.

Starting this year, ransomware gangs have realized that they could compromise the network of an MSP, and then use their remote access tools to deploy ransomware on the MSP's customer networks, infecting hundreds of companies and thousands of computers, all at once, with the push of a few buttons.

The trend had been noticeable to keen infosec observers. ZDNet reported on some of these MSP-based ransomware incidents when they first happened, in February, June, July, and August.

However, in a report published this week, Armor took a deeper look at the entire MSP ecosystem and unearthed several other incidents. In total, the company found 13, but many more could be unreported. See the list below:

MSP
Ransomware
Date
Vertical
Apex Human Capital Management
Unknown
February
Payroll services
CloudJumper
Ryuk
May 19
IT services
IT By Design
Unknown
June
IT services
MetroList
Unknown
June
Real estate brokers
CorVel
Ryuk
July
Work & healthcare
PM Consultants
Unknown
July
Dental services
iNSYNQ
Unknown
July 16
Accounting
TSM Consulting
REvil
August 18
IT services
PerCSoft
Ryuk
August 28
Schools and colleges
SCHOOLinSITES
Unknown
September 23
Dental services
TrialWorks
Unknown
October 14
Lawfirms
Unnamed MSP
Unknown
October 14
Healthcare
BillTrust
BitPaymer
October 23
Invoicing and billing

Besides MSPs, ransomware gangs have also gone after a wide variety of targets this year, focusing on the US in particular. Previous Armor reports found that ransomware gangs encrypted files and crippled operations at more than 500 US schools and almost 80 US municipalities this year alone.