Pivot Technology Solutions, a Canadian Managed Services Provider (MSP), disclosed a failed ransomware attack that occurred in June. While the MSP was successful in stopping the attack before any systems were encrypted, they confirmed that data for several affiliates and subsidiaries was accessed or stolen in the lead-up to the attempted ransomware deployment. Investigation by a third party revealed that the attackers had accessed personal information such as names, address, and birthdates, along with more sensitive information including insurance coverage and payroll data. As is almost the standard these days, affected individuals are being offered identity theft protection services for free through Equifax for two years.
MSPs are a very valuable target to attackers due to the services they provide. Gaining access to one organization could mean quick and easy access to several more, making them even more attractive to ransomware operators looking to cause as much damage as possible. Although Pivot successfully stopped the attack before any encryption occurred, data was still stolen. With the growing trend of data theft before a ransomware deployment, even failed ransoms can put pressure on organizations to give into the demands of the attackers.