A growing number of managed services providers (MSPs) from around the world are being targeted and compromised by hackers. Such breaches can have a serious impact on their customers’ business, as compromised MSPs can serve as launchpads into their clients’ corporate networks. MSP compromises highlight why it’s important for organizations to consider the risk they pose and be ready to block threats coming through trusted business partners.
Two weeks ago, a ransomware attack hit IT services firm Everis, a subsidiary of NTT and one of the largest MSPs in Spain. Based on internal communications leaked on Twitter, the company directed employees to shut down their computers and decided to cut the network links between its offices and its clients.
The attack directly impacted Everis’s customers who relied on the company to manage various aspects of their IT infrastructure, and some of them started internal investigations into whether they were infected with ransomware themselves.
The malware program that hit Everis encrypted files using the .3v3r1s ransomware, and the ransom note warned the company against making the incident public. This suggests the MSP was not just a random victim in an indiscriminate attack, but that hackers chose it on purpose and customized the ransomware for the attack.