We’ve talked a lot about ransomware on the blog. As we noted in our recent cyber roundups, ransomware continues to be a major issue across industries. School districts, universities, and local governments have all suffered from attacks. And now, criminals have found a way to unleash these attacks in a way that causes maximum damage.

Hackers have learned that rather than target each organization directly, the key is to attack a company that manages the infrastructure for multiple businesses. In July of last year, dozens of dental clinics across Washington and Oregon experienced network disruptions. It turned out that the clinics all had something in common – their managed service provider.

A managed service provider (MSP) is a company that remotely manages a customer’s IT infrastructure and/or end-user systems. Organizations choose to use MSPs because it’s often a cheaper solution than maintaining a full time IT employee.

In a surprising turn, the company just completely disappeared after the incident. They returned no phone calls or emails and announced a few weeks later that the were closing due to this attack. Dozens of businesses were left without their files or any support. And it also means that hackers had a pool of desperate victims to exploit.

In a similar incident in August an attack on an MSP in Texas crippled 22 local governments at that same time. Over 400 dental offices were affected by a ransomware attack on their MSP in August as well. The company noted in an update that it obtained a decryptor, which indicates the possibility that the MSP paid a ransom in exchange for the key.

These incidents serve as a reminder of two things: first, how ransomware attacks have evolved and will likely continue to change in the future. And secondly, we must remember that when we put our data in the hands of a third party, we must perform due diligence on their integrity and security.