How Ransomware Gangs Are Recruiting Insiders

2021 has been a banner year for ransomware and other types of cyberattacks. Attacks have crippled fuel pipelines, prevented hospitals from delivering critical care, stopped students from being able to go to school, and halted factory production lines (to name just a few impacts). The devastating effects of these attacks can be found most days on the front page of the newspaper, or are felt behind the scenes by companies scrambling to remediate their systems and ensure they can keep their livelihoods afloat.

In total, ransomware attacks increased 151 percent in the first half of 2021 over the same period the previous year. These attacks are becoming increasingly expensive for organizations to recover from, with the average ransom now sitting at $170,404 and total remediation costs averaging more than ten times that, at $1.85 million in 2021.

There are a number of causes that we can attribute this increase in attacks to, but one growing trend is the rise of ransomware gangs. These gangs, often based in foreign nations such as Russia, represent a now trillion-dollar organized crime industry that is growing in sophistication and capability. These organizations now often exhibit an almost corporate-like structure, with leaders, partners, services, and even 24/7 help desks for victims.

These organized cybercrime gangs are driving new innovation in the ways they are targeting companies for attack, making it more difficult than ever for companies to defend themselves. This includes new types of malware, delivering ransomware as a service, and even recruiting company insiders to act as secret spies to help them execute their attacks. Each of these new areas represents new threat vectors that companies of all sizes, from the smallest SMB to the largest enterprise, need to defend themselves against.

With this increase in cyberattack sophistication, managed service providers (MSPs) have a role that is growing in importance as clients turn to them as trusted advisors to help them mitigate this new risk facing them every day. It is important that MSPs make sure they keep pace with the latest innovations and tactics with which attackers are targeting organizations, in order to make sure they can thoroughly protect and defend their clients and employees.

Evolving cyberthreats increase risk to MSP customers

As ransomware gangs increase their presence around the world, they’re also innovating and adopting new tactics to increase the effectiveness of their attacks. These developments pose new challenges to companies everywhere, who now have to protect themselves against ransomware threats from organized crime gangs. For MSPs that work closely with these companies to secure their environments, it’s important to be aware of the latest developments in order to protect their MSP customers to the best of their abilities.

For instance, some malware developers are now rolling out “products” and “services” that make it easier for less-sophisticated attackers to target companies with ransomware. One example of this is new ransomware-as-a-service (RaaS) offerings, which work much like the tools and infrastructure a legitimate company would purchase on a subscription basis (except in this case for nefarious ransomware goals).

In addition to this, researchers have also found ransomware gangs actively recruiting company insiders to further their attack goals. In these cases, the gangs reach out to company employees and offer them hefty financial incentives—sometimes in the millions of dollars—to help them breach a corporate environment, or even offer to split the total ransom payment that they will demand from the company.

One example of targeting insiders is the LockBit ransomware operation. In the latest iteration of this gang’s ransomware-as-a-service offering (called LockBit 2.0), the ransomware encrypted devices and changed their Windows wallpaper to a message offering insiders within the company large amounts of money to provide access to their corporate networks. If they agreed to be part of the plot, insiders would reportedly receive a virus to be executed inside their networks.

For attackers, recruiting an insider helps them bypass many of the traditional cybersecurity controls that may be in place inside a corporate network. It also allows them to more specifically target credentials that provide extensive access to the network or to sensitive data, such as RDP, VPN and corporate email credentials. In short, having an insider on your side significantly increases the chances of a successful attack.

There are examples of employees taking hackers up on the offer. At Tesla, for instance, an employee was recruited by a Russian hacker to plant malware at a company factory in exchange for $1,000,000 in Bitcoin, with the goal of stealing data and extorting a payment from the company to prevent its public release. The hacker was ultimately caught after the employee turned him over to authorities, and he was sentenced to a maximum of five years in prison and a fine of $250,000.

What is perhaps most significant for MSPs about the above story is that the hacker said he had had similar experiences at other companies, according to the court filings. For an MSP, this means that they need to consider that attackers may be targeting their customer organizations in similar ways, and therefore take the necessary precautions to protect them against the latest threats.

Protecting customers against evolving threats

This evolving landscape of cyberthreats means that an MSP’s team cannot rest when it comes to evolving their own approaches. At the most basic level, this involves constantly educating themselves on attackers’ latest threats and tactics, so they can adapt their strategies to the ever-changing patterns of risk. To do this, MSPs should make sure they are reading the latest threat reports and research on a regular basis and sharing the information across their organization.

In addition, an MSP plays an extremely critical role in ensuring that customers have the necessary technology, such as backup software that includes immutability, and services to protect against and monitor potential threats. An MSP should make sure they are working strategically with their customers to build out a thorough cybersecurity strategy and then continually implementing best practices, such as patching known vulnerabilities, updating software to the latest version, and monitoring for any anomalous network behavior.

For newer threats, such as ransomware gangs recruiting insiders within a company to target customer environments, there is also an important role for an MSP. MSP teams can help educate customers on what to look out for, especially when it comes to malicious insiders. They can also remotely monitor customer environments or corporate email accounts to help identify and flag any nefarious or unusual behavior that could suggest that an employee has been compromised and might put the organization at risk.

The unfortunate reality is that cyberthreats will only continue to evolve and increase in number and severity over time. As a trusted advisor to their customers, it is critical for an MSP to make sure they are keeping pace with the latest developments and helping their clients adapt their strategies to meet these new risk landscapes and attack methods. If they are able to do so, they will likely be able to retain and maintain customer satisfaction for many years to come.

Kurt Abrahams

About the author
Kurt Abrahams is the Vice President of Marketing at MSP360 with expertise in technology marketing, cybersecurity and AI based technology.
