Remote monitoring and management (RMM) software has become a real attack vector for ransomware this year, putting MSPs on notice — which is why specialist publisher NinjaRMM has moved swiftly, launching Ninja Data Protection backup integrated with its flagship RMM.
Sal Sferlazza, chief executive at NinjaRMM, said the Ninja Data Protection release helps extend and simplify backup across remote and on-site workforces, promising minimal configuration requirements when speedy responses are needed — for example in a ransomware attack.
“The native integration with our RMM platform also means that managing those backups essentially requires zero additional management burden,” he said in the announcement. “We believe we are bringing one of the most reliable and easy-to-use backup solutions to the market.”
NinjaRMM is targeting MSPs and IT professionals with integrated file, folder and image backup via Ninja Data Protection.
An earlier NinjaRMM and Coveware report this year, however, found that 86% of IT professionals canvassed thought of ransomware more as something that happens to other businesses — a sort of near-existential threat rather than something they personally need to worry about, according to ITProPortal.
However, a NinjaRMM/Coveware survey released in July reported that managed services providers (MSPs), IT service consultants and hosting providers have been increasingly targeted by ransomware actors.
“These attacks target the service provider’s remote management tools to increase the blast radius of the attack. When the attack is successful, every downstream endpoint at every client of the service provider is impacted,” they wrote.
Additionally, Coveware’s study for Q3 2020 shows that paying the ransom is now typically less effective than companies might think — and they shouldn’t be tempted to do so.
“Trust that stolen data will be deleted is eroding as defaults become more frequent, when exfiltrated data is made public despite the victim paying,” explains Coveware in the quarterly report.
“Victims should assume it will be traded to other threat actors, sold, or held for a second or future extortion attempt.”
The mean ransom payment has risen 31% from Q2 to $233,817 (£173,889), and the median to $110,532, up two percent from Q2, as attackers target larger firms.
Coveware has learned that ransomware demands are continuing to increase alongside data exfiltration and Maze/Egregor fork group activity. The original Ryuk group has also returned to the ransomware scene, it said.
“It is also possible that the influx of remote and work-from-home setups using RDP (remote desktop protocol) and other remote technologies allowed threat actors to leverage attack vectors that previously didn’t exist,” according to Coveware.
(Photo by Sam Moqadam on Unsplash)