ConnectWise is professional automation software. In 2016, the developer company designed a plug-in to sync data between its own platform and other monitoring and management software applications. In the last couple of months, a dormant flaw in the plug-in has allowed GandCrab operators to strike once again, resulting in attacks on several MSP companies. As of now, affected entities have spent hundreds and thousands of dollars on ransomware removal and restoration measures.
Is Reckless Behavior the Reason behind Recent GandCrab Flare?
The chief product officer of ConnectWise has made it clear that the plug-in flaw was identified in 2017 and that the company immediately released a patch to fix it. The company notified users about the patch and also provided a mitigation guide to limit the vulnerability of their systems. Nevertheless, many organizations paid no heed to the alert and eventually bore the brunt in the form of ransomware attacks.
Ransom Demand of Over $2 Million!
According to the cybersecurity firm that identified recent GandCrab activity in connection with ConnectWise plug-in vulnerabilities, the ransomware operators infiltrated an MSP firm, locked down all of its more than 2,000 devices and asked for a whopping $2.24 million to provide a ransomware removal solution. The firm negotiated with the attackers and paid a part of the ransom to get the decrypter. The affected MSP also took help from third-party cybersecurity experts. This is the story of just one recent GandCrab attack. We don’t know the damage and extortion details of other attacks of the same nature that happened in recent months.
MSPs Are High-Value Targets
Managed Service Providers have always been high-value targets for cybercriminals. A single MSP sometimes provides its services to dozens of organizations and thus supervises a lot of critical data too. The presence of that data makes them particularly vulnerable to ransomware attacks.
The ransom demand in the recent GandCrab attack shows that the attackers were fully aware of the importance of data and therefore asked for more than 2 million dollars for providing the key for ransomware removal.
The Attack Highlights the Importance of Security Updates Yet Again
Individual users might not face any tangible loss even if they don’t keep up with security updates. However, organizations, particularly the ones providing B2B services, can’t afford to have such a laid-back approach towards security patches and updates. The targeted MSPs could have saved hundreds and thousands of dollars if they had updated their ConnectWise platform in time.
Besides security updates, timely data backup maintenance and having instant ransomware removal expertise at one’s disposal are basic ingredients for thwarting any large-scale cryptovirological attack.