At least 13 managed service providers were used to push ransomware this year
A new report published this week by threat intelligence firm Armor puts the number of managed service providers (MSPs) that got hit with ransomware this year at 13, possibly more.
For those unfamiliar with the term, a managed service provider is a company that manages a customer's IT infrastructure using remote administration tools.
MSPs have been around since the 90s, with the dawn of large computer fleets; however, they've been catching on with more and more companies in recent years.
By hiring an MSP, a company can cut costs by ditching classic system administrator roles, and outsource all IT (server and/or desktop) maintenance to a remote team of highly-trained professionals for a fraction of the cost, usually billed on a monthly subscription basis.
Using an MSP typically involves installing the MSP's software that provides its staff with remote access to a company's resources. However, this very same software can also be a curse.
Starting this year, ransomware gangs have realized that they could compromise the network of an MSP, and then use their remote access tools to deploy ransomware on the MSP's customer networks, infecting hundreds of companies and thousands of computers, all at once, with the push of a few buttons.
The trend had been noticeable to keen infosec observers. ZDNet reported on some of these MSP-based ransomware incidents when they first happened, in February, June, July, and August.
However, in a report published this week, Armor took a deeper look at the entire MSP ecosystem and unearthed several other incidents. In total, the company found 13, but many more could be unreported. See the list below:
| MSP | Ransomware | Date | Vertical |
|---|---|---|---|
| Apex Human Capital Management | Unknown | February | Payroll services |
| CloudJumper | Ryuk | May 19 | IT services |
| IT By Design | Unknown | June | IT services |
| MetroList | Unknown | June | Real estate brokers |
| CorVel | Ryuk | July | Work & healthcare |
| PM Consultants | Unknown | July | Dental services |
| iNSYNQ | Unknown | July 16 | Accounting |
| TSM Consulting | REvil | August 18 | IT services |
| PerCSoft | Ryuk | August 28 | Schools and colleges |
| SCHOOLinSITES | Unknown | September 23 | Dental services |
| TrialWorks | Unknown | October 14 | Lawfirms |
| Unnamed MSP | Unknown | October 14 | Healthcare |
| BillTrust | BitPaymer | October 23 | Invoicing and billing |
Besides MSPs, ransomware gangs have also gone after a wide variety of targets this year, focusing on the US in particular. Previous Armor reports found that ransomware gangs encrypted files and crippled operations at more than 500 US schools and almost 80 US municipalities this year alone.