Security against Ransomware: An MSP’s Guide to Best Practices

The cyber world has been under attack by ransomware since 1989, and in recent years we have seen a significant increase in these attacks, most of which are targeted at healthcare, government, education and non-profit organizations. Practically speaking, though, no one is truly safe from a ransomware attack. Hackers target organizations that hold sensitive data, which increases the probability of getting a ransom. Factors like known vulnerabilities, lack of employee training, the technology used for the attack, the cost of implementation, etc. also influence the attack.

Managed Service Providers and Cloud Solutions Providers like us aren’t safe either, as we have our own data centers hosting production servers and private data. Compromising an MSP would have a direct impact on its clients, thus increasing the potential damage. Popular ransomware variants like NotPetya, WannaCry, Spora, Cerber, Jigsaw, Bad Rabbit, CrySis, etc. have been notoriously active, affecting thousands of organizations worldwide.

Kill Switch:

When the WannaCry ransomware was active, it checked for a specific domain with an arbitrary name before attacking the system. It would execute only if the domain was not live. A security researcher known online as MalwareTech registered the domain, thus activating the kill switch and preventing all future attacks by WannaCry. Unlike WannaCry, other ransomware families have no kill switch. With so many variants of ransomware coming out each day, it becomes very difficult to find out whether any of them has a kill switch. Instead, organizations can focus on preventing the attack in the first place by following the best practices and the do’s and don’ts mentioned further in this article.
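For defenders, the kill-switch check described above is also a detection signal: a host that looks up the domain is running the malware whether or not the lookup succeeds. The following is an added example, not code from the original article; the domain is a placeholder (the article does not name it), the log format and sample lines are constructed, and treating DNS resolution as the test for "live" is an assumption.

```python
import csv
import io

# Placeholder: the article does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log; assumed format: time,client,qname,rcode
SAMPLE_LOG = """\
2017-05-12T09:01:10Z,10.0.4.17,killswitch-placeholder.example,NXDOMAIN
2017-05-12T09:01:12Z,10.0.4.22,intranet.corp.example,NOERROR
2017-05-13T14:30:05Z,10.0.7.3,KillSwitch-Placeholder.example.,NOERROR
2017-05-13T14:31:40Z,10.0.4.17,killswitch-placeholder.example,NOERROR
2017-05-13T15:02:00Z,10.0.9.9,killswitch-placeholder.example,SERVFAIL
"""

def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.strip().rstrip(".").lower()

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: verdict} for every host that looked up the domain.

    Any lookup marks the host as infected. If at least one lookup did not
    resolve (rcode other than NOERROR), the malware saw the domain as not
    live and would have executed: 'kill-switch-missed', isolate first.
    Otherwise the verdict is 'kill-switch-hit'; the host still needs cleanup.
    """
    target = normalize(domain)
    verdicts = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip malformed lines
        _ts, client, qname, rcode = (field.strip() for field in row)
        if normalize(qname) != target:
            continue
        missed = rcode.upper() != "NOERROR"
        # A failed lookup is sticky: a later success does not clear it.
        if missed or client not in verdicts:
            verdicts[client] = "kill-switch-missed" if missed else "kill-switch-hit"
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(host, verdict)
```
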


As the old saying goes, “Prevention is better than cure”: make sure you are up to date with the latest security patches and updates for your systems, firewalls and anti-virus. Having an Intrusion Detection and Prevention System (IDS/IPS) in place will add a good layer of security to your organization. We recommend using firewalls that have a built-in IDS/IPS. Back up your data regularly to prevent data loss. Make your servers more secure by implementing server hardening. Your business continuity plan should also be designed with the possibility of a ransomware attack in mind.


If, after all the precautions, you still get hit by ransomware, DON’T PAY THE RANSOM. There is no guarantee that the attacker will give you the decryption key, and you may end up losing both your data and your money. It is best to disconnect the infected device from the network so that the infection doesn’t spread to other devices on your network. Report the incident to your IT department and the higher-level executives. You can use online web services and tools to detect the type of ransomware affecting your system and then find the appropriate tool to decrypt your data without paying the ransom. Be safe.

For more information on how to avoid becoming a cybercrime victim, contact us here at the Intrinsic Technology Group today. Our Managed IT Services can provide you with the cybersecurity solutions you need to protect your digital assets while optimizing your daily operations.