MSP Customers Hit by Ransomware Attack 2019-02-08
Well, we knew this was possible. DarkReading reports that between 1,500 and 2,000 endpoint systems and servers were hit by a Gandcrab ransomware attack this week. The managed service provider is reported to be U.S. based. The attack vector was a vulnerable MSP plug-in used for remote monitoring and management. The ransom amount demanded? USD $2.6 million. The article's quote from Huntress Labs Chief Architect Chris Bennet sums it up, and stands as clarion call to both MSPs, their customers: "From the MSP's standpoint, the tool they use to manage everything was
just used against them" to inflict damage on customers...Everyone is looking at the
attack and saying, 'This could have been me.'" It will be interesting to see how the MSP customer's insurance (cyber and otherwise) deal with claims. Hint: Was a nation-state responsible?
Link to article: https://ubm.io/2BuKxS9
Thoughts and comments from a lawyer-technologist about cybersecurity, privacy, and complex litigation, but with a twist of (or perhaps twisted) technology and electronic discovery. And the occasional on or off-topic rant. Cautionary Note: Nothing contained in this blog is intended to be, should be construed as, or considered to be, legal advice. If you require legal assistance, contact an attorney in your jurisdiction.
About Me
- Steven Teppler
- Jacksonville, Florida, United States
- Partner, Sterlington, PLLC. Jacksonville, FL. Cybersecurity, Privacy and Complex Litigation; Admitted in NY, DC, FL IL and NJ. Co-Chair, American Bar Association Information Security Committee.
Publications
»The HIPAA Technology Challenge: Protecting the Integrity of Health Care Information, California Health Law News – Volume XXVI, Issue 1, Winter 2007/2008
»Spoliation of Digital Evidence – A.B.A. SciTech Lawyer Magazine, Fall 2007,
»Life After Sarbanes-Oxley – The Merger of Information Security and Accountability (co-author) 45 Jurimetrics J. 379 (2005)
»Digital Signatures Are Not Enough (co-author); ISSA, Jan. 2006
»State of Connecticut v. Swinton: A Discussion of the Basics of Digital Evidence Admissibility (co-author), Georgia Bar Newsletter Technology Law Section, Spring 2005.
»Foundations of Digital Evidence, (contributing author) American Bar Association (July 2008).
»Spoliation of Digital Evidence – A.B.A. SciTech Lawyer Magazine, Fall 2007,
»Life After Sarbanes-Oxley – The Merger of Information Security and Accountability (co-author) 45 Jurimetrics J. 379 (2005)
»Digital Signatures Are Not Enough (co-author); ISSA, Jan. 2006
»State of Connecticut v. Swinton: A Discussion of the Basics of Digital Evidence Admissibility (co-author), Georgia Bar Newsletter Technology Law Section, Spring 2005.
»Foundations of Digital Evidence, (contributing author) American Bar Association (July 2008).