The count of managed service providers getting hit with ransomware mounts

And that has made MSPs a very attractive target to ransomware operators.

Threat researchers at the global cloud security provider Armor have been tracking publicly-reported incidents in which MSP and cloud service providers have been hit with ransomware. Thus far, they have documented 13 such incidents this year—with 6 of them reported in the past few months.

The most recent publicly exposed victim is Billtrust, which as security journalist Brian Krebs reported, was hit by what BleepingComputer reported was BitPaymer ransomware (a report that has not been confirmed). BillTrust is an online invoicing and billing provider based in New Jersey that also provides credit decision services. Billtrust executives sent an email to customers on October 22, informing them of the attack, stating:

Our standard security and back-up procedures have been and remain instrumental in our ability to execute the ongoing restoration of services… Out of an abundance of caution, we cannot disclose the precise ransomware strains but will do so as soon as prudently possible.

Other victims include:

Organizations using full-service IT-managed service providers, such as Magnolia Pediatrics, are particularly at risk because the security of all of their systems is dependent on that of the MSP. As was the case in Texas, this meant that all their data was put at risk. In Magnolia’s case, all patient data was encrypted, but it could just as easily have been stolen by attackers—and since that data includes personal identifying data for children, it could have significant long-term consequences. A clinic spokesperson said that “out of an abundance of caution,” Magnolia advised patients’ families to monitor credit card statements and credit bureau reports.

These issues are why having a conversation (and a contract) with a service provider that includes security is so important.