While there is still much unknown about the latest wave of Petya/GoldenEye ransomware attacks, it’s all too clear that organizations that don’t keep pace with the latest patches are being targeted faster than ever. It used to take cybercriminals a fair amount of time to develop the malware required to take advantage of a specific exploit. Now thanks to access to advanced tools developed by intelligence agencies that make it possible for cybercriminals to weaponize malware faster, this latest series of ransomware is targeting an exploit that Microsoft made patches available for just over a month ago in the wake of the WannaCry ransomware attack. Given the rate at which most organizations roll out patch updates, it’s a wonder more systems haven’t been affected.
Microsoft says it’s continuing to investigate the extent of the most recent threat, so it’s unclear whether additional emergency patches will be forthcoming or not. Either way, many organizations have a pressing need to apply available patches immediately. Because the patch management processes in place within most organizations are inherently flawed, however, there will continue to be organizations that fall victim to these types of ransomware attacks.
Educating customers about ransomware
In fact, a new survey of 461 MSPs conducted by Intronis MSP Solutions by Barracuda found that well over half identified ransomware as the top security threat their customers face. Unfortunately, less than a third of the MSPs surveyed had any formal mechanisms in place for educating customers about the seriousness of the threat.
The primary way these attacks spread is through spearfishing. Unsuspecting end-users are tricked into downloading a file or clicking on a link loaded with malware. The good news is that advances in artificial intelligence are now making it easier to identify instances of spearfishing, which enables IT organizations to quarantine malware before it can do any damage. The bad news is this most recent series of attacks appears to have been embedded within a software update process involving a commercial accounting application. That suggests the entire application update process that software developers currently rely on may need to be reevaluated.
Making security a top priority
Obviously, growing awareness of ransomware attacks creates demand for a more efficient way to manage updates. That increased awareness should ultimately benefit MSPs that have developed mature processes for managing software updates for their customers. The truth is most MSPs should be on the frontline of any ransomware defense. Of course, in an ideal world most of the customers being impacted by these ransomware attacks would replace their systems. But for whatever reason many of them feel the need to continue to run outdated platforms such as Windows XP.
MSPs have a vested interested in helping customers make those upgrades. It’s less expensive for them to support a Windows 10 system than it is to support Windows XP. But until customers find the funds to make necessary system upgrades, MSPs need to focus on education in order to protect themselves and their customers. In fact, it may be in the best interest of MSPs to provide the end-user education needed to combat ransomware for free. After all, when ransomware strikes it’s the MSP that usually winds up cleaning up the mess regardless of whatever terms might be written into the service contract.
