The Landscape of Ransomware Solutions: An In-Depth Guide for IT and MSP Decision Makers
Ransomware Attacks and MSPs
Ransomware attacks reduce revenue for both Managed Service Providers (MSPs) and their clients by interrupting business operations, but ransomware solutions provide impressive disaster recovery capabilities for uninterrupted business continuity. MSPs are up against a bleak cybersecurity landscape with a steady rise in the severity, frequency, and success of ransomware attacks. Double extortion attacks and Ransomware-as-a-Service are gaining popularity with bad actors as well as targeting SMBs, including MSPs.
Table of Contents
With an expanding ransomware attack surface, many MSPs struggle to choose the right protection for themselves and their clients. In this guide, MSPs can explore current threat vectors to properly assess and select cybersecurity tools and ransomware solutions to keep businesses going.
The Evolution of Ransomware Attacks and the Need for Robust Ransomware Protection Solutions
The Changing Face of Ransomware Attacks
As has been true for years, ransomware is still going strong as a sophisticated attack method that works. According to Verizon’s 2023 Data Breach Investigations Report, “Ransomware continues its reign as one of the top Action types present in breaches, and while it did not actually grow, it did hold statistically steady at 24%.” Furthermore, almost a quarter of breaches involve ransomware attacks that can be performed via email in a phishing scam, which is also prevalent and effective.
During ransomware attacks, bad actors often target SMBs, believing these companies won’t have the infrastructure in place to prevent an attack or lack backup and recovery capabilities to restore data. This puts pressure on businesses to pay expensive ransoms in a desperate attempt to avoid the impact of permanent data loss.
The Rising Demand for Advanced Ransomware Solutions
In order to confidently do business and withstand a ransomware attack, SMBs rely on MSPs for advanced ransomware solutions that can deliver uninterrupted business continuity and disaster recovery (BCDR). While many legacy backup and disaster recovery (BDR) tools still require manual interventions – which slows and complicates recovery – modern solutions automate cyber resilience for fast recovery from ransomware attacks.
MSPs need to take a security-first approach to ransomware, cyberattacks, and ransomware protection solutions: it’s not a question of if your clients will be hit, but when a client is hit, are you prepared to recover rapidly? Having the right ransomware solution in place will give you the confidence necessary to sleep soundly, knowing you can always recover, no matter what.
Key Features of an Effective Advanced Protection Ransomware Solution
Disaster recovery as a service (DRaaS) is a potentially lucrative option for MSPs to prevent ransomware attacks, offer clients ransomware protection, and fulfill competitive SLAs. To position themselves as a trusted partner, MSPs must focus on real-time protection for ransomware threats, data backup and recovery, and client education and awareness.
Real-time Protection from Ransomware Threats
Continuous real-time protection is vital to secure essential files to stop unexpected malware attacks like ransomware. Features like automatic air gap and multi-factor authentication (MFA) can help protect a network from cyberattacks that can threaten the entire business’s security.
Modern solutions with automation provide significant cybersecurity benefits that manual interventions can’t compete with. Automation enables the instant responses necessary to stop bad actors from further penetrating networks and systems. Additionally, real-time monitoring and escalation policies alert technicians to issues before they become problems.
Data Backup and Recovery for Ransomware Protection
MSPs provide data backup and recovery through BCDR solutions. Backing up data and ensuring disaster recovery readiness is essential to prevent permanent data loss. Backup availability is required for disaster recovery, so choosing a solution equipped with built-in ransomware protection is ideal.
In addition to automation, ransomware rollback features like AirGap separate data deletion requests from the mechanics of data deletion. Only through a series of confirmations can data deletion requests be executed. Even when a bad actor believes they’ve deleted the data, it’s safe in the air-gapped archive and ready to be restored instantly.
User Education and Awareness to Prevent Ransomware Attacks
No matter what solutions or plans you have in place, human error is the number one cause of data loss, making user education and awareness a key piece of prevention. Employees should be made aware of the potential attacks most likely to be carried out – specifically phishing strategies carried out via email.
User education should also include simulated attacks and practice drills to improve detection and response techniques while giving disaster response teams to perform their own testing. Ransomware playbooks, security refresher courses, and live demonstrations of attacks in the wild will help users understand the implications of ransomware attacks and the best approach for comprehensive ransomware protection and malware identification.
Top Ransomware Protection Solutions on the Market
MSPs can protect everything and prevent ransomware with the Axcient x360 Platform, built specifically for MSPs and their SMB clients. With x360Recover for BCDR and x360Cloud for Microsoft 365 and Google Workspace backup, MSPs can quickly recover from cyber attacks with built-in threat detection and ransomware protection. Critical capabilities include a competitive 15-minute recovery point objective (RPO) and less than one hour recovery time objective (RTO) using Axcient’s proprietary Chain-Free backup technology, AirGap, Virtual Office, and AutoVerify.
- Chain-Free Backups: Solve data bloat and eliminate the pains of legacy, chain-based backups. Data is stored in a native virtualized state with a pointer array algorithm so that each recovery point is independent – no chains to break, no reseeding, and no consolidation.
- AirGap: Using automatic airgap technology, honey pots, human factor controls, human two-factor authorization, and varying time gaps, MSPs protect data and reinforce that protection with multiple controls.
- Virtual Office: Self-managed disaster recovery and disaster recovery testing with virtualization of one or more systems in the Axcient Cloud to temporarily replace all impacted production infrastructure for business continuity.
- AutoVerify: Intelligent, automatic, and daily backup integrity tests on protected systems with verification and proactive alerting ends “backup burn” and time-consuming, error-prone, manual verification.
Additionally, the Axcient Knowledgebase is extensive with step-by-step, complete product guides along with responsive 24/7/365 support, making Axcient easy to use for technical and non-technical users. Furthermore, Axcient’s free resources are created specifically for MSPs and include blog posts, case studies, videos, and in-depth, downloadable playbooks and checklists.
Get started with the Cybersecurity Readiness Bundle for MSPs, and you’ll receive all three of the following resources:
- The 5 Critical Pieces of a Good Cybersecurity Playbook
- Best Practices in Disaster Recovery Planning and Testing
- Surviving a Total Ransomware Takedown: An MSP Quick Guide for Overcoming Today’s Cyberattacks
A quick whip around the internet reveals an overwhelmingly positive response from reviewers to the Axcient solution. Pros: Easy setup and monitoring, comprehensive backup and recovery, intelligent automation capabilities, and excellent support. Cons: Lack of support for Linux – however, Axcient is launching Linux support soon!
Other Top Ransomware Protection Companies
Software reviews are always subjective, and selecting an advanced ransomware protection solution is difficult. Until you really get in and start using a solution, you won’t completely know how it will work with your technicians, clients, and environments.
Here are some brief introductions to start engaging ransomware protection providers, both giants and new players in the digital security industry. MSPs should take part in free trials and demos where possible to simulate ransomware attacks and test the detection and response capabilities of a potential solution.
Datto, acquired by Kaseya in late 2022, provides policy-based patch management through Datto RMM to keep clients’ machines secure. It includes native Ransomware Detection, which monitors for crypto-ransomware and attempts to kill the virus to reduce the impact of an attack.
With Datto RMM and Autotask PSM, MSPs can proactively respond to ransomware through monitoring alerts that are routed to technicians to prioritize tickets. Datto SIRIS for backup and recovery detects ransomware within backups to help save time when locating the last clean system restore point.
Using chain-based backup technology, Datto does have larger storage requirements on local appliances, and MSPs are restricted to using Datto appliances. The Datto Infinite Cloud cannot backup servers, only single drive devices less than 1 TB. Make sure these limitations still cover client use cases without incurring additional costs to your MSP in order to maintain profitability.
While Datto products have always been competitive in the channel, recent reviews since it was acquired mostly reference price as the main detractor. MSPs need to weigh the costs and benefits of a solution to make sure you’re getting what you need and nothing you don’t – including unnecessary expenses. The best solution is often not the most expensive, and a vendor prioritizing profits over usability and MSP-specific support might raise red flags worth more investigation.
StorageCraft, an Arcserve Company
StorageCraft merged with Arcserve in 2021 to broaden its portfolio of data protection products. It provides MSPs with data protection and disaster recovery, with total integration of ransomware and malware prevention. Arcserve UDP (unified data protection) uses Sophos to secure Arcserve appliances and Arcserve cloud hybrid environments with OneXafe immutable object storage.
MSPs who choose Arcserve will need separate software packages for backup, chain management, and monitoring, and cloud backup is also sold separately. Ensure that labor teams have the time, resources, and expertise required to manage and recover using multiple tools and chain-based backup technology. Reviewers on Gartner Peer Insights generally give Arcserve the clear thumbs up, detractors cite an old-fashioned interface, poor support, and bugs whenever the software is updated as cons for this solution.
Like many MSP vendors, Arcserve cloud pricing is tier-based, so not all recovery features are available in all pricing plans. When vetting these vendors, you need to keep a close eye on scalability and storage overages. MSPs must keep up with clients regarding scale and costs to not continuously be upping prices and risking client relationships.
Veeam’s approach to ransomware is to overcome any cyber threat with its single solution that provides total control over recovery, multi-layered immutability, complete data mobility, comprehensive monitoring, and simplicity through automation. The Veeam Data Platform brings together various features into a single solution that is offered in three enterprise-grade editions for protecting Cloud, Virtual, Physical, SaaS, and Kubernetes applications across IT environments.
Using chain-based forever incremental backup technology, Veeam limits cloud storage and retention, the availability of cloud virtualization depends on the cloud provider, and verification of backups requires manual configuration. Veeam does provide manual, partial airgap ransomware protection with direct-to-cloud server backup and instant on-site virtualization.
While many users find Veeam support highly dependable, others dislike the user interface and say the install base is too large and resource-heavy, straining usage. Technicians must be agile, swift, and knowledgeable to recover systems quickly. The more solutions necessary, the more management and expertise are demanded by technicians, which can become expensive and time-consuming over time. Standardizing your stack is a good way to focus teams and recover confidently, knowing technicians have mastered a single solution.
Acronis Cyber Protect Cloud provides proactive protection for clients’ systems from cyberattacks in real-time with AI-based static and behavioral heuristic antivirus, anti-malware, and anti-ransomware technologies. It protects data wherever it resides across physical, virtual, and cloud-based environments. Backup and recovery capabilities bring data back in whatever form it’s needed – full-image, file-based, and more while reducing downtime with the ability to spin up workloads, use runbooks, and test failovers.
Another chain-based forever incremental backup, MSPs using Acronis, will need to reseed data after ransomware restores. Cloud storage and retention are limited, and instant on-site virtualization, cloud virtualization, automated screenshot virtualization, and runbooks are available at a higher cost. Turn-key BDR appliances are unavailable, and there is no option for instant VMDK/VHD exports.
Fans of Acronis cite its friendly UI and ease of administration as high points, while less enthusiastic reviewers want more customization, fewer limitations, and more special features. Depending on the individual needs of clients and the preferences of technicians, MSPs need ransomware protection that suits both. Compare and contrast features and critical capabilities when vetting solutions to ensure you’re not getting nickel and dimed for essential BDR tools.
Comparing Ransomware Solutions: What to Look For
Comparing Key Features for Effective Ransomware Protection
Organizations have different needs for ransomware protection, so it is essential for MSPs to be able to offer clients a personalized detection and response solution that addresses their specific requirements. These three differentiators indicate that the solution takes a modern approach to today’s ransomware attacks and can help you do the same.
- One solution that covers most use cases. BCDR flexibility gives MSPs the advantage of appliance and cloud-based deployments to protect various client environments – including endpoint backup, hardware-free BDR, full-service BDR, and public or private cloud – with just one solution for rapid recovery.
- Automatic ransomware rollback. Airgap technology creates a safety deposit box of backups and business-critical data that cannot be deleted unless the deletion request is confirmed through multiple verification steps – meaning it is always available for recovery.
- Pooled storage. Tired pricing means MSPs and their clients can always pay more, while transparent pooled storage with a straightforward Fair Use Policy ensures consistent, predictable billing without fear of overages.
Evaluating Vendor Reputation and Support
While the products a vendor offers are the most important thing to security, the vendor’s reputation and support capabilities are next in line. As an MSP, you want an MSP-dedicated vendor who understands and solves the pain points of the channel. In today’s rapidly evolving cybersecurity landscape, vendors need to consistently release new product features and automatic upgrades that continue to protect against ransomware and other malware attacks. A vendor that is committed to your industry and the complete protections SMBs need is a top priority for a long-lasting relationship.
Similarly, 24/7/365 responsive support is essential for quick recovery. MSPs must know that when disaster strikes, all hands are on deck to get clients moving again. Be wary of vendors with constantly changing reps, long wait times, or any vendor that outsources support. Third-party support reps often lack the product knowledge necessary for fast and efficient troubleshooting.
Considering Cost and Value for Money
Anti-ransomware and anti-malware solutions may look like a special add-on to some MSPs, but that’s a dangerous perspective to have. Assuming “it won’t happen to me” leaves you in big trouble when it does, and you’re unprepared. Foregoing ransomware protection solutions means that after a ransomware attack does happen, the data is lost forever. Your clients and your MSP could face breach consequences, including out-of-compliance fines, loss of cyber insurance, ransom payments, recovery costs, and loss of reputation.
Of course, that’s not necessary. With comprehensive BCDR, protection is built-in and always-on to consistently and proactively protect clients. With ransomware being so prevalent, not having protection is no longer an option – regardless of cost.
Making the Final Decision: Choosing the Right Solution for Businesses
Assessing Business Needs
Assessing the specific needs of a business for ransomware protection and devising an effective threat response can be time-consuming. MSPs should be prepared to explain why they have chosen a particular ransomware protection solution or suggest using certain anti-ransomware tools.
Clients have different needs, and the best way to accurately assess these needs is to do an individual ransomware risk assessment for each client. MSPs who design ransomware prevention plans for their clients should be aware that to prevent ransomware risk, every use case will need to be treated differently. Ongoing disaster recovery testing and practice drills help optimize ransomware recovery based on changing client needs over time.
Implementing the Chosen Solution
Proactive planning is the best protection against ransomware after choosing ransomware protection tools and before deploying them.
- Notify relevant stakeholders at your MSP and your client’s business to discuss a plan of action to detect and neutralize ransomware.
- Identify desired business outcomes, for example, to prevent downtime, comply with an SLA policy, or prioritize fixing security gaps.
- Document existing security postures and identify security gaps, like open remote desktop protocol ports, unpatched software, and unsecured access points.
- Prepare a comprehensive test plan, construct a test environment or use runbooks, and create both probable and improbable test sequences and attack scenarios with clear recovery paths toward business continuity.
- Deploy the chosen solution.
- Investigate success metrics by validating security credentials, ensuring employees have completed security tests, and testing backup integrity to prevent backup burn.
There are so many ransomware protection solutions on the market that choosing one can be difficult, especially for MSPs with different client requirements. For instance, one client may need best-in-class email protection across multiple branches, and another may need protection for a host of remote workers.
The most sensible approach is five-fold: Keep up to date by reading blog posts about the latest ransomware trends and ransomware protection strategies available; take advantage of free trials and demos before committing to a solution; assess the main features of the solutions you like; perform comprehensive risk assessments for clients; and compile a ransomware protection playbook.
Get started with the Ransomware Recovery Guide for MSPs!
About the Author: Carissa Johnson // Product Marketing Manager, Axcient
Carissa Kohn-Johnson has a background in healthcare technology and information technology, and is now the Product Marketing Manager for Axcient. She has a lot of MSP Channel experience from planning and attending hundreds of conferences and tradeshows, and found her passion in IT. Carissa is also an elected official in Cary NC, a town chock full of technology-forward people. Connect with her on LinkedIn – perhaps you can contribute to the Axcient blog?