Written by: Charles Weaver, co-founder of MSPAlliance
It is an interesting question: should MSPs pay ransomware demands? One of the members brought up the idea of not paying ransomware. Given the latest attacks on MSPs, I think it is a great time to have this debate. So, let's do it.
Possible Ransomeware Scenarios
There are several situations where an MSP could be involved with ransomware. First, the MSP itself is attacked and infected with it. The news reports are out there, and everyone can read them, so we shouldn't act surprised. However, it seems to be more likely that we can stamp out ransomware infection amongst MSPs a lot easier than we can in customer environments; more on that later.
Second, customers of the MSP could be impacted by ransomware. Customers could be affected by ransomware as a result of the MSP, or through no fault of the MSP. Either way, the MSP is likely going to be involved in the response and remediation work to help the customer get back to normal system operations.
MSP Response
When impacted by ransomware, prevention is the best course of action for the MSP. What I mean is, MSPs should be a position where they can defend against ransomware more easily and quickly than the rest of the business community. After all, MSPs are IT professionals and should be taking all the necessary and reasonable precautions to prevent a ransomware attack and infection. If infection occurs, the MSP should be capable of quickly restoring itself to operational status.
Saying that no MSP will ever be affected by ransomware (or other cyberattacks) is not realistic. However, recovering from such attacks should be part of every MSP's business continuity and disaster recovery planning.
Customer Response
Customers are more likely to find themselves victims of ransomware attacks. More importantly, these same customers are also less likely to be prepared for such a cyberattack and less capable of restoring to operational status quickly.
While we place a higher standard of care on MSPs, end-user organizations have a much more difficult path ahead. MSPs have always had to play "catch-up" with their customers when it comes to training and educating them on proper cyber hygiene. As more customers deal with the impact of cybercrime, the faster they should evolve when it comes to protecting themselves against cyber attacks. This cyberattack prevention necessarily includes allowing their MSPs to backup data, test data restoration regularly, and implement relevant cybersecurity policies and procedures.

