Ransomware: Once Again, It’s Groundhog Day! What are you doing to stop GandCrab?

Chris Ault

Here we go - the IT community is, once again, scrambling to address a ransomware attack, an attack that was caused, yup, by a simple, facepalm-worthy human error. Unfortunately, there’s no happy ending in sight here, because the IT community still hasn’t figured out how to stop endlessly reliving history. What is this - Groundhog Day?


This latest cyber attack concerns GandCrab, a fiendishly clever piece of ransomware that is purpose-built to exploit the vulnerabilities of the world’s managed service providers (MSPs).

MSPs are trusted by millions of customers to remotely monitor and maintain their IT infrastructure and end-user systems. Once the customers pay their subscription fee, they’re confident that they can kick back, relax, and focus on their business. MSPs work diligently to keep their systems humming, proactively safeguarding them from all the hazards of the digital jungle.

But even the best MSPs aren’t immune to absent-mindedness or sloppiness. A vulnerability in the MSPs’ Kaseya app was discovered way back in 2017, and Kaseya moved quickly to release a patch. But we now know that dozens of MSPs failed to install the updated Kaseya plugin on their ConnectWise dashboards, leaving their networks — and therefore all their clients — exposed. And that exposure has been exploited with astonishing elegance and efficiency. The evil genius of GandCrab is its ability to mass-infect thousands of MSP clients in a single attack.

GandCrab emerged early in 2018, and within two months, it infected more than 50,000 victims, generating at least $600,000 for the attackers. And the bad news doesn’t end there. As it happens, these criminals have actually followed the best practices of legitimate enterprise software development. They’ve used agile methodology to iterate code quickly, adding features, improving efficiency and eliminating bugs along the way. As of this past Wednesday, February 13, GandCrab was up to version 5.1.6.

This is, of course, an existential threat to the credibility and viability of MSPs everywhere, and some have reportedly paid out the ransom to avoid having their negligence exposed.

But stamping out GandCrab today will do nothing to thwart tomorrow’s hack du jour. It doesn’t matter whether GandCrab was the work of organized crime or a rogue state or the proverbial guy in his parents’ basement. And it doesn’t matter who did or didn’t get the memo about installing a patch. Ultimately, it’s all about the environment provided for your users and, by extension, your hackers. Because at the end of the day, hackers will view your most insignificant vulnerabilities as the eight-lane highways they are.

We built the Tehama platform to anticipate and address everything that made GandCrab possible. We don’t believe in wringing our hands over the what-ifs of human error. Tehama provides a zero-trust workspace that makes human error irrelevant.

Tehama eliminates the need for a VPN connection and the vulnerability that comes with it. Our Rooms are secure workspaces that can’t be accessed without SSO and multi-factor authentication. Access credentials are controlled strictly by Room administrators, and users must receive administrator approval for access on an app-by-app basis. The default setting for the Tehama firewall is “no access,” including to the internet. All workspace activity is video-recorded, and that record is easily accessed by the administrator should it ever be needed.

Tehama solves the problem presented by ransomware for both the buyer of MSP services and the MSPs by enabling them to collaborate on projects in a secured Room. But Tehama security will never slow you down. Tehama takes care of quickly onboarding, managing, scaling, and auditing all your remote teams. With Tehama, you can connect and collaborate around the world, launching productive work environments (Microsoft Windows and Linux virtual desktops) in minutes instead of months.

It’s time to stop reliving history. I invite you to download our white paper to learn more about how Tehama can safeguard your business. And if you’d like to experience a Tehama workspace for yourself, please sign up for a live demo here.
