According to vampire lore, a vampire cannot enter into your home or office unless you invite them in. In the classic Swedish horror film, Let the Right One In, the young vampire is unable to enter her friend’s house unless he specifically invites her in. This factoid adds to the other, more common vampire lore we’re used to: garlic and crosses ward those fanged fiends off, you kill them with a stake through the heart, and sunlight destroys their skin.
Now. Why the heck are we talking about vampires?
First off, let us be the first to wish you a Happy Halloween. (Yay!) Secondly, let’s talk about how ransomware is like vampires.
Ransomware is a malicious cybercrime that attempts to suck your business dry, all because you made the mistake of clicking on a link or filling out a fraudulent form that invited the blood-sucking criminals through the doors of your business networks to begin with.
Totally the same as vampires, right?
Since the internet is filled with all sorts of strange ideas, you can probably find some sort of additional “evidence” in support of the idea that garlic, crosses, stakes, or sunlight can keep away malicious hackers who want to infect your business with ransomware.
Come to think of it, that sunlight one might have some support to it…
The job of killing vampires takes years of careful training, which is why most vampire-infested towns choose to outsource to experts. It’s also best to entrust experts with the job of killing cyberthreats, like ransomware.
But you have to choose your expert carefully.
You may think you’re safe from modern-day ransomware vampires because you hired your very own Van Helsing or Buffy, in the form of a managed services provider (MSP) – but what if you found out your hired vampire slayer was inexperienced, unethical, or ineffective?
In short, what if you found out your slayer was negligent and inadvertently invited vampires into your business?
You’d be pretty upset. Especially when you found yourself lying on the floor with two holes in your neck and an endless life of damnation ahead of you. (I mean, you’re in Seattle and winter’s coming, so at least you wouldn’t have to worry about that sunlight problem too much… but still!)
Extended metaphor aside, it turns out there have been quite a few negligent MSPs who have pretty much invited ransomware “vampires” into their clients’ IT systems.
That’s really, truly, horrible.
Here are the facts on one such recent cyberattack that was, in effect, caused by a negligent MSP:
This is not an isolated event. Last month, 22 Texas towns were hit by ransomware and 400 dental practices around the country were also affected by ransomware because their MSPs weren’t properly protecting them.
Though we assume these MSPs recommended IT security best practices to their clients, it turns out the MSPs weren’t practicing what they themselves preached. Because the MSPs didn’t patch or update their own systems (or, apparently, perform regular backups), they fell victim to ransomware, which also infected their clients’ systems.
We’re not going to hash this out more because this kind of news makes us ill and we’re horrified that an MSP could do such a thing to their clients. However, if you’d like more details, you can get the rest of the story from ProPublica.
You don’t want to fall victim to a ransomware attack caused by an ineffective MSP – and that means you should ensure your MSP protects their own systems, in addition to yours.
If you’ve been reading this blog regularly (and if you haven’t, why not?), you already know that good MSPs recommend that you focus on backups, password protection, multi-factor authentication, safe browsing practices and employee phishing education, and, most importantly, updates and patches.
To get back to our metaphor, you can think of these practices as the vampire slayer’s weapons against the bloodsucking hordes. Now, if your hired slayer / MSP isn’t using these weapons to protect their own systems, they’ll be negligently leaving your systems and networks in harm’s way.
One simple way to tell if your managed services provider practices what they preach is by looking at how long they’ve been in business. If their IT support practice is new, they may not have the experience to look for and mitigate today’s overwhelming number of cyberthreats – which means they might end up inadvertently inviting a ransomware “vampire” into your systems.
It’s a better idea to choose an IT support provider that’s been in business a long time because their long-term expertise helps them better understand the many dangers out there. That knowledge helps them safeguard their own business — and yours — so you can not only have a safe and happy Halloween, you can also keep your IT systems and business secure on all the other days of the year.
Interplay is one of Seattle’s longest-standing IT services providers and one of the city’s few true MSPs. Recognized and respected by some of the top names in the tech industry, we on the Interplay team rest our award-winning reputation on paying careful attention to our clients’ systems and our own, so we can provide comprehensive protection and threat mitigation to all of our clients, all of the time.
In other words, our knowledge and experience put Van Helsing and Buffy to shame.
Interested in reading another creepy tech story, so you can get in the Halloween spirit? Check out the terrifying tale of the Nest camera that threatened a nuclear war.