@scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
So we heard from customers of Protek Support in Salt Lake City that the MSP has been hit with ransomware that has gone on to hit all of their clients as well. From what we understand, they are currently on four days of customers being without their files and they aren't cleaning them up yet. We would suspect that their internal systems have been hit and they are tied up dealing with that.
Pretty good timing considering we just posted about this MSP Risk a few days ago.
How do MSPs survive this kind of level of destruction? Are clients talking to each other? Are clients going on to talk to other MSPs and look for assistance when their main support is gone?
We rarely think about how the MSP itself would be offline indefinitely and potentially unable to function in the case of a breach like this. But in this case, it looks like the MSP has been impacted to such a degree that they aren't even able to start helping customers yet. Four days with no action is a lifetime to an impacted business. Something like a hundred customers down for a whole week with no end in sight, it sounds like.
Each customer is going to need every machine - desktops, servers, storage, etc. to be totally wiped, reloaded, and restored. Imagine the manpower necessary to do that.
Wipro outsourcing giant breach: https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/
PCM MSP Breach: https://krebsonsecurity.com/2019/06/breach-at-cloud-solution-provider-pcm-inc/
Ongoing mess: https://www.insynq.com/support/#status
^^^ Note the word meticulous in the "we've cleaned things out" paragraph. SMH
CCH Wolters Kluwer: https://www.accountingtoday.com/news/the-wolters-kluwer-cch-outage-what-happened
Maersk: Saved by a physical DC that was off in Africa after a power outage.
MSPs: Vulnerabilities in RMM/PSA software allowed compromise a while back.
Bing Search: MSP Breach
Privileged Access Workstation is the only way to go today. There needs to be an air-gap between systems being used to manage clients/customers and the MSP's day to day production systems.
There is no excuse for not segmenting operations, administration, cloud services systems, backup systems, and more. None. Nada. Zippo. Zilch.
Oh, and this:
Courtesy of Malware-Traffic-Analysis. It's virtually always the human.