Sophos has warned managed service providers (MSPs) they are the targets of a ransomware attack that is hoping to exploit the systems the channel uses to monitor and service customers.
The security vendor has shared its experiences tracking DragonForce attacks, which look to exploit vulnerabilities in remote monitoring and management (RMM) tools.
It shared an example of a ransomware attack that gained access to the SimpleHelp RMM and used it as a springboard to reach multiple endpoints.
Sophos is warning MSPs to be vigilant in the face of DragonForce and to tighten up managed detection and response (MDR) tools to keep the threat at bay.
DragonForce ransomware has been described by Sophos as “an advanced and competitive ransomware-as-a-service brand”, which has been around for the past two years.