What is Ransomware and how does it work?

Ransomware is a form of malicious software that locks and encrypts the data of a device. The victim is unable to access their files again until the ransom is paid. Initially, most attacks targeted individuals, but as ransomware developed, larger entities like businesses became the main focus due to greater payoffs. In the event you fall victim to ransomware or social engineering, the encryption that’s used would prevent you from accessing any of your documents, photos, financial information and more.

Additionally, in some cases, if you choose to pay the ransom on your own, your files may not even be restored. Law enforcement agencies actually suggest that you pay the ransom. When dealing with cybercriminals there is no way to ensure that you will see your files again.

Victims have lost data forever from a ransomware attack and that’s why a protection plan is so important. Not every incident is controllable by any means, but there are instances where an awareness of different kinds of ransomware might prevent you from an infection. A Managed Service Provider (MSP) will not only provide your business with the right solutions, but they will educate and prepare your team as well.

Ransomware in Recent Events

Sometimes ransomware attacks are caused by faults in security software or a missed update, and sometimes they’re caused by an employee unintentionally clicking on a malicious link. Either way, they are damaging and can cost your organization heavy fines, downtime, and a loss of clients and their trust. A new report from McAfee shows that ransomware attacks, specifically file-locking malware, have more than doubled since 2018, with hackers modifying their methods for more lucrative payouts.

In January of 2019, Travelex, a foreign currency exchange company, discovered that they had experienced a Sodinokibi ransomware attack. Sodinokibi, also known as REvil, follows the ransomware-as-a-service (RaaS) format. Its multiple infection vectors include exploiting known security vulnerabilities and phishing campaigns.

Sodinokibi encrypts a user’s files and can gain administrative access by exploiting a vulnerability in Oracle WebLogic (CVE-2019-2725). It also came to light due to a GandCrab ransomware campaign that occurred previously.

This led to a shutdown of key systems, but with an assurance that no client data was stolen. There were definitely repercussions and frustrated customers. As of December 31, 2019 they had to begin processing transactions manually, rather than through digital or online services.

The majority of travel-related purchases are done virtually. You can only imagine the damage to their company’s reputation. According to CEO Tony D’Souza, the organization’s future plan is to “enhance and upgrade systems in line with their longer-term technology strategy.” He additionally stated that the company’s “focus is to ensure the integrity and robustness of the network” so Travelex will be bringing systems up in a “controlled and secure manner.”

The most active types of ransomware according to the McAfee report:


Dharma, also known as Crysis, does not request a specific ransom amount. The cybercriminal instructs victims to contact the ransomware distributors via email to negotiate the ransom. The amount tends to be higher for larger companies. In a recent Dharma attack, a hospital in Texas had its files containing important patient information encrypted. 

They decided to hire experts to handle the issue for them rather than resolve it on their own. When a victim attempts to pay the ransom and fix the issue themselves, it doesn’t always end well. That’s why it’s important to contact an MSP.


GandCrab is a form of ransomware called RaaS, or Ransomware as a Service. Based on this model, the authors sell their malware to lower-level cybercriminals who find their own victims.

This kind of malware specifically infects PCs running Microsoft Windows. Along with that, it does not target machines located in Russia or the former Soviet Union. This has led to the common assumption that the author is based in that area.


Ryuk is assumed to be operated by the cybercrime group Grim Spider. This kind of ransomware is distributed through email campaigns. The victims typically click on a malicious link or attachment. In one instance, a Florida police department had to pay a fine of $600,000 to regain access to their email and phone systems and utility payment services.

This was caused by an employee opening a malicious attachment in an email. An example like this shows the impact human error can have on an organization. A Security Awareness Training solution through a Managed Service Provider can educate your team on the signs of malicious emails.

An MSP can Offer Managed Services That Include:

Proactive Approach

An MSP takes a proactive approach to your security. There are hackers and ransomware threats around every corner and they cannot be prevented without appropriate protection. 

An MSP will monitor your network 24/7 and will resolve issues without you realizing they occurred. At the first sign of an issue, they are on guard to ensure your data is secure. They will assess any attack immediately so that your uptime is maximized and data is secure.  

Patching Schedule and Upgrades

Patching is vital to the security of your systems. Malware doesn’t just come in via email campaigns. It actively looks for security gaps and bugs in your network and popular applications, including your browser.

An MSP will make sure that all updates are applied to your network and operating systems to ensure that the vulnerabilities are limited. The harder a system is to penetrate, the quicker attackers move on. Along with that, they will stay on top of your environment to make sure all the devices in your network are compatible with the software being used on them. Your systems will be running as securely as possible with an MSP.

Security Awareness Training

A Security Awareness Training solution, also known as phish testing, protects your organization from the human element. One of the greatest causes of data breaches is the unintentional actions of an employee. This kind of solution entails sending mock malicious emails to your team to see who clicks on them. You’ll receive recurring phishing statistics on your organization and training modules for ongoing education purposes.

It is important to learn what types of landing pages, incentives or freebies your employees are attracted to and heighten their awareness. This sort of solution adds an additional layer of security for your organization and is just as important as having an anti-virus, anti-spam or firewall.

Backup and Disaster Recovery and Business Continuity

A Backup and Disaster Recovery (BDR) solution that takes images of your server is vital when protecting sensitive information. The ability to restore your data in a timely manner is key to maintaining profitability and limiting downtime. Business Continuity (BC) solutions through an MSP involve planning for how your business will continue to operate in the case of a cyberattack.

These solutions prepare you for the worst and plan for a successful recovery. An MSP will make sure you’re backed up regularly and that those backups are tested and functional. You’re only as good as your last backup and these solutions ensure your data is as protected as possible. Cloud services come into play as well. 

In the case of a ransomware attack, don’t take any further action before contacting a cybersecurity expert. A managed service provider will handle a ransomware attack so you don’t have to be concerned. Contact The TNS Group today to safeguard your business and data against cyberattacks.
