Since June 2019, Managed Service Providers, IT service consultants and hosting providers have been increasingly targeted by ransomware actors. These attacks target the service provider’s remote management tools to increase the blast radius of the attack. When the attack is successful, every downstream endpoint at every client of the service provider is impacted.
In collaboration with NinjaRMM, Coveware surveyed a population of MSP organizations that had experienced a systemic ransomware event. These were events where the MSP’s own remote management tools were used by the attacker to encrypt the data of a large proportion of the MSPs clients.