Privatise Blog

Protecting clients from ransomware attacks: tips for MSPs


Despite being in decline for a few years, ransomware attacks are back and quickly on the rise.

Cyber criminals across the globe are utilising more sophisticated forms of ransomware – WannaCry and NotPetya being prolific examples – to deal damage to corporate networks.

But for those unfamiliar with ransomware, what is it? And for MSPs, how can you protect your clients against ransomware attacks?


What is ransomware?  

Ransomware is a type of malware that either threatens to publish the victim’s data or permanently block access to it until a ransom is paid.

Typically, ransomware attacks are carried out using a Trojan – a type of malware disguised as legitimate software. The Trojan file may be an attachment in an email or a program downloaded to the victim’s system. High-profile examples include WannaCry (which was sophisticated in that it automatically travelled between systems) and NotPetya.

There are essentially two types of ransomware:

  • Crypto ransomware

Crypto ransomware encrypts valuable files on a computer so that users cannot access them. The hacker responsible for the attack then demands the victim pay a ‘fine’ to get their files back. 

  • Locker ransomware

Locker ransomware locks the victim out of their device, preventing them from using it. The perpetrator will then demand the victim pay a ransom to unlock the device.


Why are MSPs targeted by ransomware?  

MSPs are a natural target for cyber criminals because of the numerous client networks they have access to. Gaining access to an MSP’s network means gaining access to all of its clients’ networks, too. All cyber criminals need is a few moments on a network to inject ransomware and take control.

Indeed, ransomware attacks against MSPs are increasingly common. According to a report by Datto, 4-in-5 MSPs agree that their business is becoming more of a target for cyber criminals. Furthermore, in Datto’s State of the Channel Ransomware Report, 92% of respondents predict that the number of ransomware attacks against MSPs will continue at current or worse rates.

But the problem isn’t just that MSPs are being targeted; it’s also that many MSPs have poor security protocols in place.

The best place for MSPs to start is with a cyber security package that includes all the core services they need to protect them from a broad range of threats. This package can also be provisioned to clients. Typically, such a package will include firewalls, DNS filtering, email security, endpoint security and anti-virus.


What’s the impact of ransomware on MSPs?  

Given that MSPs are treasure troves of information (and the gatekeepers to their clients’ networks), a successful ransomware attack can spell disaster.

For MSPs, the focus will always be on restoring client data, networks and operations – but what about the damage done to the MSP itself?

Of course, the most obvious cost is financial, but there’s more to it than that. Not only do MSPs suffer financially; critical networks will also be taken offline. This problem is further accentuated when networks are hosted in the cloud. Depending on how quickly the ransomware can be found and removed, services could be offline for hours if not days!

Also, whilst critical infrastructure is offline, MSPs have no way to deliver services to clients. The longer services are offline, the more money they lose.

Then there’s the potential loss of data – the longer the ransomware is on the network the more information cyber criminals can potentially steal.

Finally, damage to reputation. If an MSP is subject to a cyber attack, clients will avoid working with them out of fear of the same happening to them. The damage to reputation can, therefore, be far worse than the financial cost of a cyber attack.


What can MSPs do to prevent ransomware attacks?  

To counteract cyber attacks, MSPs need to invest in protective solutions at the weakest points of ingress.

For example, one of the main causes of cyber breaches is weak passwords. Cyber criminals – aware of the fact that many business employees use the same passwords – use password generators with fixed variables (e.g. a name, surname or date of birth) to randomly generate passwords and eventually gain access to a user’s account. That, or they insert a keylogger into a user’s device via a downloadable attachment or email.

So, one way to prevent this is to use multi-factor authentication on endpoints – mobile phones, laptops and other devices that connect to the network. This means that to log into a network, users need to use a combination of authentication methods, e.g. a password and a PIN. This makes it much harder for cyber criminals to gain access.

Another thing to do is install anti-malware services on the main network and device endpoints. This will ensure threats are detected and eliminated before they can get further into the network. Anti-malware programs are updated routinely (with new virus and threat definitions almost daily).

Next, be informed. The principal issue is that many (MSPs and businesses alike) assume they won’t be targeted by cyber criminals. For some, this is because they believe they don’t have any ‘valuable data’ (which is far from true; all data is valuable) or are too small to be targeted. The reality is that every business – regardless of size – is likely to be attacked. Awareness of these threats is, therefore, key!

Lastly, back up your own data and customer data regularly. In the event of an attack, MSPs need to be able to reassure customers that their data is safe and can be restored if it is lost.


Protecting against cyber attacks is entirely possible, but it requires MSPs to always be a step ahead of cyber criminals. This means keeping up with the latest developments and strategies, protecting endpoints, installing appropriate security measures and accepting the fact that every business is a target.