COMBATTING RANSOMWARE
Cyberthreats are now an accepted part of everyday life for businesses and ransomware is one of the most common forms of attack used, which means MSPs must be alert to the ever-changing threat they pose.

As Phil Skelton, senior director, international sales at eSentire, notes, in UK Government research, the number of companies affected by ransomware doubled to 19,000 during 2025. “The market around ransomware has expanded too, with threat actors carrying out more specialist roles and creating an economy around access,” he adds. “There are those that get paid for initial access, those that create Phishing-as-a-Service and Ransomware-as-a-Service kits, and those that try to monetise the access with ransomware, conducting the negotiations and trying to get payment.

“For customers, the impact is that ransomware has become more professional and targeted. In our research, the top industries targeted included business services, construction and finance, where companies have high-value data, operational sensitivity to downtime, and frequent large financial transactions, making them attractive targets.”

Dominic Ryles of Hammer Distribution adds that ransomware attacks are now a routine reality for businesses of all sizes. “In the UK alone, a significant proportion of organisations report attempted or successful attacks each year, and the trajectory is still upward,” he says.

Keeping customers safe

There are various strategies MSPs can employ to ensure that customers are kept safe from ransomware attacks. “Ransomware is not a sophisticated problem,” says Dinesh Hirani, head of information security at Redsquid. “The entry points are the same ones we’ve been talking about for a decade: phishing, weak credentials, unpatched remote access, poor configuration. The attackers are not getting cleverer. The gaps are just still there.

“That should worry any MSP, because it shows the standard tool-first playbook is not enough. Too many providers sell EDR, MFA and backup and assume the customer is covered. In reality, layered defence requires strong identity protection, least-privilege access, phishing-resistant MFA, device trust, secure configuration, vulnerability management, network segmentation, continuous monitoring and resilient backups. A tool without someone watching it at 2am is just a log nobody reads. CISA and NCSC-UK continue to warn that the most exploited weaknesses are not exotic; they are exposed RDP, default credentials and unpatched internet-facing systems. If a managed service does not close those gaps operationally, the tools are furniture.”

Dinesh says this is where ransomware readiness assessments earn their keep. “Not a tick-box audit, but a real test: is privileged access actually controlled, or does everyone quietly have domain admin? Are backups recoverable under pressure, or just ‘running’? Can the team make a containment decision in minutes, or does that require a call tree and three levels of approval? These are the questions that determine whether an attack becomes an incident or a catastrophe.

“But readiness assessments only matter if the response architecture can act fast enough. Modern ransomware encrypts in minutes. No human analyst, however skilled, can triage an alert, confirm the threat and make a containment call before the damage is done. That is why automated response is non-negotiable: EDR that kills a malicious process on the endpoint the moment it detonates, or NDR that drops hostile traffic on the wire before it spreads laterally. That machine-speed response buys you the time a human needs. A managed SOC then picks up where automation stops,
Contributors
Phil Skelton
esentire.com
Dominic Ryles
hammerdistribution.com
Dinesh Hirani
redsquid.co.uk
CONTINUED
www.newsinthechannel.co.uk