Service Providers: Fight Ransomware, Become a Superhero to Your Customers
We’ve spend the last few weeks examining various aspects of ransomware, a type of malware that encrypts computer hard drives and demands an online ransom of hundreds or thousands of dollars for the decryption key, without which users can never access their files again. In both its effectiveness and its astonishingly rapid proliferation, it represents a unique new threat both to consumers and businesses. Its ease of use by low-skilled criminals, highly-leveraged distribution model, and versatility at defeating a range of endpoint security measures is unprecedented in the history of malware. By denying access to critical applications, a ransomware attack can cost a business tens or hundreds of thousands of dollars, damage the brand, and even (when hospitals and public safety organizations are the victims) put lives at risk.
If you are a service provider or VAR looking to get into the services business, you would already know that ransomware represents a looming business problem for your customers that you can help them solve. The uncertainty and fear that accompanies this increasingly pervasive new threat has the potential to paralyze your customers’ everyday operations. Stories about new breaches and their high costs are appearing weekly in the business and technology press. If your customers don’t suffer a breach in the coming months, they will know someone who has been victimized. In short, now is a very opportune time to get into the business of offering anti-ransomware defenses as a service.
Our recent essay here showed the many technology measures that IT security vendors are bringing to bear against ransomware, including anti-malware software based on signature matching, heuristics detection, application whitelisting, application sandboxing, and so on. These are all worthwhile components of a defense-in-depth strategy, but all have drawbacks, ranging from vulnerabilities that ransomware authors have learned to exploit, to high costs in administrative overhead, to adverse effects on user productivity. Even with rigorous endpoint defenses in place, users remain a weak link: their unwary willingness to click on links and open attachments in phishing emails, to visit dubious websites, and plug in unknown USB drives continues to provide easy paths for ransomware into their systems.
The only foolproof defense against a ransomware breach is a data protection regimen with both local and offsite (private or public cloud) backup copies.
With a recent backup on hand, any system can be quickly rewound to its state prior to the ransomware breach, restoring access to its files without ever paying a ransom. The cloud component is necessary to protect against the many ransomware variants that are capable of spreading from the initially breached system to other endpoints over the local network, potentially including local backup servers.
Service providers that can offer their customers this kind of hybrid backup defense against ransomware will find themselves in an enviable position.
An anti-ransomware service offering gives them an opportunity to talk to their customers about an urgent business problem, sell them the most effective mitigation solution on the market, and potentially wrap additional services around it, including security awareness training, endpoint security software and services, design and deployment services, and the like. It also puts the service provider in the position of trusted ally, a partner who enables the customer to proceed with their daily business unhindered by the inevitability of an eventual ransomware breach. It is a rare solution to an IT security threat that is built around instilling confidence, not fear.
If you’re a service provider looking to join the fight against ransomware, consider Acronis Backup Cloud, a proven, secure and scalable platform for the delivery of cloud and premise-based Backup as a Service. It supports popular cloud management tools, offers great flexibility in service packaging and delivery, and consolidates customer views and administration into an easy-to-use, unified management console. Acronis Backup Cloud also offers flexible storage options for customer backups, including local (on-premise), service-provider hosted, Acronis-hosted, and third-party hosted, including Microsoft Azure, Amazon S3, and IBM Softlayer.
Ransomware is going to hit your customers hard, and that opens a door for you to offer them a timely, valuable service. Some of your peers have already gotten into the game: for an example of an American MSP who is using Acronis Backup Cloud to defend its customers against ransomware, download this case study. It’s not hard to become a superhero to your business customers and prospects that are now cowering under the shadow of the ransomware menace. You just have to don the cape and the costume with the double-bar A on it.