
Maze Ransomware: A Threat to a Business’s Security and Reputation

By Tim Brown
5 February, 2020

Ransomware began simply—a criminal would send a piece of malware that locked up your system unless you paid them a ransom. If you had a good backup in place, you could revert your system to a known safe state and get back up and running fast. Over time, the industry did a decent job of using strong backup to protect their data and systems, and we saw some decline in this basic level of ransomware.

As a result, we have seen ransomware trends shift. In some cases, criminals have started to extend their paydays by leaving behind other problematic pieces of software after the ransomware infection is over (such as cryptominers). We have also seen the targets of ransomware shift. This has been one of the biggest shifts over the past two years. While cybercriminals still target individuals and small businesses, they have increasingly attacked small town governments. Unfortunately, these organizations lack the resources and agility of their corporate counterparts and can often get taken down for days by a major ransomware attack. 

Most of these ransomware attacks use the threat of organizational disruption to earn their payment. Recently, we’ve seen a new development—extorting businesses by exposing breached data if they don’t pay. Today, we’ll talk about some of the implications and how to handle them. 

What happened?

When attackers land ransomware, it’s not uncommon for them to access and read data as well. For years, attackers threatened to release this information, but didn’t make good on the threat. That changed with Maze ransomware, whose operators released stolen data from some companies that didn’t pay up and threatened to release even more. The threat is to a business’s reputation, and to its finances if it doesn’t report and ends up facing compliance fines.

This threat can’t be defeated simply with backup, although backup is still essential for the encryption variants (which will likely still be the main type of ransomware, so don’t skimp on backup). However, this could represent a new line of attack. Instead of dealing with downtime or data loss, you could face public scrutiny and damage to your reputation on top of the potential data losses.

What you can do

Once someone gets data using this style of ransomware, there isn’t much you can do outside of paying the ransom or preparing to have the data released. Even if you pay the ransom, you have no guarantee the data will not be released, and you may still have some level of responsibility to report. There are preventative steps you can take. A data loss prevention (DLP) solution may alert you to attempts to exfiltrate data, but even if you have one in place you should still employ the following: 

  • Patching, email security, and web protection: Dealing with these attacks starts with closing off the many ways they can enter an organization. This means covering a lot of the same bases you have for years—patching software vulnerabilities quickly, deploying email protection, and using web protection to prevent users from encountering malicious sites (quite a few attacks start with drive-by downloads).
  • Network segmentation: Segment portions of your customers’ networks to help prevent ransomware from spreading. You may want to cordon off the most important parts of your network to help prevent an intrusion in one area from affecting another. In simple terms, if criminals can access employee records, segmenting the network properly could prevent them from reaching customer data or give you time to detect the issue before it spreads to other parts of the corporate network.
  • Endpoint protection: For attacks like these, I want to emphasize the importance of going beyond antivirus by using a full endpoint protection solution. Signature-based antivirus normally can only catch known issues. However, endpoint protection solutions cover more than just malicious files—they use artificial intelligence and machine learning to look holistically at the endpoint for odd or suspicious behavior, then either flag that to the IT professional or take a specific action. For example, if someone downloads a spreadsheet, which then launches a script that begins reaching out to other endpoints on the network or starts copying and transmitting sensitive data to another source, the endpoint protection solution can attempt to halt both actions before damage is done. 
  • Transparency: If you get an indication that someone has access to customer data, you should be transparent with customers about the incident. If you’re required by law to notify your customers and your regulator about the breach, you absolutely need to come clean when a breach occurs. You don’t want auditors to find out when cybercriminals publish your business’s name on a website. If there’s an indication of a data compromise, make sure you report within your reporting window. Don’t make a bad situation worse—honesty really is the best security policy. 
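
The behavior chain in the endpoint protection point above (a spreadsheet launches a script that then reaches out to other endpoints or transmits data off the network) can be expressed as a simple correlation rule over process and network telemetry. The sketch below is an added example, not code from SolarWinds or any EDR product; the event format, process names, internal address range, and thresholds are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# All names, thresholds and events below are constructed for illustration.
OFFICE_APPS = {"excel.exe", "winword.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range
FANOUT_LIMIT = 3            # distinct internal peers before alerting
EGRESS_LIMIT = 50_000_000   # bytes to external hosts before alerting

EVENTS = [  # constructed telemetry: process starts and outbound connections
    {"type": "proc", "pid": 100, "ppid": 1, "image": "EXCEL.EXE"},
    {"type": "proc", "pid": 200, "ppid": 100, "image": "powershell.exe"},
    {"type": "net", "pid": 200, "dst": "10.0.0.5", "bytes": 900},
    {"type": "net", "pid": 200, "dst": "10.0.0.6", "bytes": 900},
    {"type": "net", "pid": 200, "dst": "10.0.0.7", "bytes": 900},
    {"type": "net", "pid": 200, "dst": "203.0.113.10", "bytes": 30_000_000},
    {"type": "net", "pid": 200, "dst": "203.0.113.10", "bytes": 30_000_000},
    {"type": "proc", "pid": 300, "ppid": 1, "image": "powershell.exe"},
    {"type": "net", "pid": 300, "dst": "203.0.113.10", "bytes": 80_000_000},
]

def detect(events):
    """Return (pid, reason) alerts for script hosts descended from an office app."""
    image, parent = {}, {}
    peers, egress, alerts = defaultdict(set), defaultdict(int), []

    def office_ancestor(pid):
        seen = set()  # guards against loops; PID reuse is ignored here
        while pid in parent and pid not in seen:
            seen.add(pid)
            pid = parent[pid]
            if image.get(pid) in OFFICE_APPS:
                return True
        return False

    for ev in events:
        pid = ev["pid"]
        if ev["type"] == "proc":
            image[pid], parent[pid] = ev["image"].lower(), ev["ppid"]
        elif image.get(pid) in SCRIPT_HOSTS and office_ancestor(pid):
            dst = ipaddress.ip_address(ev["dst"])
            if any(dst in net for net in INTERNAL_NETS):
                before = len(peers[pid])
                peers[pid].add(ev["dst"])
                if before < FANOUT_LIMIT <= len(peers[pid]):
                    alerts.append((pid, "internal fan-out"))
            else:
                egress[pid] += ev["bytes"]
                if egress[pid] - ev["bytes"] < EGRESS_LIMIT <= egress[pid]:
                    alerts.append((pid, "bulk external transfer"))
    return alerts
```

On the sample events, the script spawned by the spreadsheet application is flagged for both behaviors, while the same interpreter started outside an office application is not, even though it sends more data.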

A scary new front

For years, cybercriminals have demanded ransoms to keep quiet about data breaches. Until recently, these were mostly idle threats, but today’s reality represents a terrifying new challenge in the fight against ransomware. If you don’t want to end up on the wrong end of one of these attacks, continue employing strong security controls. And if you do face a breach, above all, be transparent with compliance officers and customers.  

I mentioned endpoint protection as a key pillar of defense against these threats. SolarWinds® Endpoint Detection and Response (EDR), powered by SentinelOne®, offers AI-driven threat detection and policy-driven responses and protection. If one of your clients is hit by a traditional, encryption-based ransomware attack, EDR can automatically roll the endpoint back to a known safe state. And it’s available in SolarWinds RMM, which you can use to also manage patches, offer email protection, and run backup. Learn more today. 

 

Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. Tim’s experience has made him an in-demand expert on cybersecurity, and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the US government on security initiatives, and holds 18 patents on security-related topics. 

 

Additional Reading

How Does Ransomware Spread?
Is Ransomware Dead or Still as Deadly?
Should Ransomware Recovery Fall Inside Your Security Contract?