Ransomware Attacks Abusing RMMs: Why We’re Enforcing 2FA

NinjaOne July 25

In recent weeks there have been numerous reported incidents of attackers compromising MSPs and weaponizing their internal management tools to deploy ransomware across their customer base.

These attacks are obviously alarming, and helping our MSP partners mitigate this threat has become priority #1. Our team is working around the clock to implement a variety of additional security enhancements, including the following:

Effective immediately: All critical and potentially destructive administrative actions will require re-authentication, meaning two-factor authentication (2FA) must be enabled. This includes the ability to upload or edit scripts, the ability to upload executables, and the ability to create or save policies.

In addition, we are making 2FA a core component of our platform’s authentication and authorization mechanism across all customers in the next 45-60 days.

That means in order to use NinjaOne, customers will need to adapt their work-patterns around 2FA.

We recognize that this is going to be a major adjustment for partners who aren’t yet using 2FA, and that it does represent a small tradeoff in convenience. The feedback we’ve received from MSP partners, however, has been overwhelmingly in favor of enforcing 2FA. That feedback paired with the magnitude of the disruptive risk that these attacks pose has convinced us that this tradeoff is necessary.

Therefore, we are asking all customers to take this time to prepare for the rollout of enforced 2FA accordingly. As a reminder, customers can enable 2FA now by navigating to Configuration/Users and selecting the 2FA option of your choice, including SMS, Authenticator, and FIDO key.

In addition to 2FA

We also recognize that, while 2FA represents a clear, immediate security enhancement that can help mitigate these attacks, 2FA is not a silver bullet. It’s simply another tool at our disposal and one additional layer of security.

Just as AWS has the “Shared Responsibility Model,” where all parties play a key role in overall and global security, the practical reality is that companies using NinjaOne or any RMM should also have their own security controls in place to protect their clients and to meet regulatory compliance requirements.

We recognize that our MSP partners are generally above average-to-expert level systems administrators who already have security habits ingrained into their day-to-day. But this is an excellent time for all of us to review our internal security practices and procedures, identify gaps, and seek out opportunities for improvements. To help, we’ve provided an extensive checklist of practical steps MSPs can take to reduce their attack surface and improve their ability to prevent, detect, and respond to attacks.

These include steps that are best practices, but that nonetheless bear repeating:

  • Always lock systems and log out of sessions, regardless of the session type (browser, RDP, SSH, TeamViewer, etc.)
  • Use 2FA at a minimum, but bonus points for using 3FA (e.g., adding biometrics like fingerprint auth)
  • Disable/don’t use browser plugins/extensions that can potentially provide harvestable information
  • Use the built-in security features of browsers such as Incognito/Private windows where no data is saved
  • Disable browser functions such as in-memory caching, SSL caching, and on-disk caching
  • Use privacy screens on displays and monitors
  • Block malicious sources such as known malware URLs/IPs, Tor exit node IPs, and SPAM houses
  • Never open a link or attachment in an email until ensured that the content is safe
  • And the list goes on here

These attacks underscore the need for every company to take a hard look at what they are doing within their own infrastructure, networks, systems, and staff. We hope our partners will rest assured knowing that’s exactly what we’re doing here at NinjaOne, and that we’re laser-focused on providing the most powerful and convenient RMM possible, while taking active measures to reduce the risk of it being misused.

Next Steps

Building an efficient and effective IT team requires a centralized solution that acts as your core service deliver tool. NinjaOne enables IT teams to monitor, manage, secure, and support all their devices, wherever they are, without the need for complex on-premises infrastructure.

Learn more about NinjaOne Endpoint Management, check out a live tour, or start your free trial of the NinjaOne platform.

You might also like

Ready to become an IT Ninja?

Learn how NinjaOne can help you simplify IT operations.

Watch Demo×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).