The Partner Channel Podcast Episode #23
The Rise of Ransomware and its Impact on the Channel
In this bonus episode of the Partner Channel Podcast, Daniel Graff-Radford sits down with Greg Edwards from CryptoStopper to discuss the rise in ransomware attacks. Greg explains the evolving role of MSPs and some key ways to secure your tech stack.
Daniel Graff-Radford: Welcome to the Partner Channel podcast, The Voice of the Partner Channel community. I’m Daniel Graff-Radford CEO here at Allbound. I’m really excited to be here with Greg Edwards, who’s the CEO at CryptoStopper. Welcome, Greg. Thank you for being on our show.
Greg Edwards: You bet. Thanks for having me, Daniel.
Daniel Graff-Radford: Great.Could you start us off by walking us through your background in the channel and why you started CryptoStopper?
Greg Edwards: Sure, yeah. Actually, my background in the channel, I started an MSP in 1998, so I’ve been around for a long time. This is actually a second start-up out of the MSP that I own. Previously I started up a company called Axis Backup that I exited to J2Global back in 2016. We were seeing the rise of ransomware started as far back as 2012. Then built CryptoStopper, the current product that we have and now are selling within the channel started that up because it was just off-site backup even when we had good backups, wasn’t good enough to stop and recover from ransomware. And so really built it out of the MSP for our clients and for our offsite backup clients. And now today we’re fully engaged with the channel and selling only to the MSP channel.
Daniel Graff-Radford: Yeah. And, you know, unfortunately, with this recent rise in ransomware attacks, this is an important topic for people to be thinking about, not just as an offering through the channel, but, you know, can you help us understand as someone who leads a company that has this type of solution, you know, kind of what it is that you guys offer for our listeners to understand it?
Greg Edwards: Yeah. So what we found is that ransomware was getting past antivirus. And still even today, the statistics show 77% of the time in successful ransomware attacks the company that’s attacked had up-to-date antivirus. And that’s exactly what we were seeing, is that antivirus wasn’t stopping it. So what we built is an algorithm that detects and sees ransomware as it’s actually happening and then kills that process and/or isolates depending on if it’s running on the network. So we deploy bait files throughout the network to speed that detection of ransomware up and then and then kill it.
Daniel Graff-Radford: That’s interesting, so sort of like things for the ransomware to look for, and then when found you’re able to identify the ransomware and kill that that in the network.
Greg Edwards: Yeah, exactly. And the average time to detection in that automated stopping is less than a second. And that’s really important that it’s after it’s running. So this is ransomware that gets past everything else. So you look at like the Colonial Pipeline attack had they had CryptoStopper, which unfortunately they didn’t, but had they had CryptoStopper, then once it started running, it might have infected, you know, five to ten files and encrypted those, but it wouldn’t have taken down the entire network.
Daniel Graff-Radford: Yeah. So obviously, for those of our listeners, you know, this is being recorded in June of 2021, if you’re listening to it on a future date. But I’m super interested. You know, Greg, is there a natural rise happening in ransomware, or is it just the news is covering it better kind of what’s going on out there?
Greg Edwards: A combination of all of that. So, I mean, we only see what we see in the news are the massive attacks on companies that cause a national kind of disaster or regional issue. So the SMBs that are being hit all the time, don’t you don’t see that in the news. The estimates were in 2020 that there were there was a 7X increase in ransomware attacks over 2019. I would say 2021 is on par at least with 2020 if not an additional rise again this year.
Daniel Graff-Radford: That’s kind of scary stuff. And let’s go back to kind of what you said in the beginning. So you got started with an MSP. So you clearly understand the force multiplication of bringing these types of solutions to market through the channel. What made you decide that this one was going to be a channel first approach to go to market?
Greg Edwards: Well, fortunately, or unfortunately, maybe we learned some hard lessons and trying to go direct and it was really hard to go direct and educate the IT departments or the users on what the need for CryptoStopper. Everybody wanted better antivirus. They weren’t. Will we want to prevent it? We don’t want to have ransomware run on our network. Well, yeah, that’s what everyone wants. But the MSPs really get it. I mean, I haven’t talked to an MSP in the last two years that hasn’t dealt with ransomware. So they know that even up-to-date antivirus is not stopping ransomware, and so it’s that last line of defense so they don’t have to rely on backups. Which we found all the way back to 2012 doing recoveries, the very first ransomware that we dealt with at Access Backup, they were requesting a 60 dollar ransom. Which today seems insane that that that that a ransom could have ever been that low. I mean, the lowest I’ve seen any time recently was for about forty thousand. That was it’s all in Bitcoin. So it’s not typically exact U.S. dollar conversion, but the equivalent of forty thousand is the lowest I’ve seen in the last couple of years.
Daniel Graff-Radford: And so, you know, this is really interesting is if you’re arming your MSPs to speak to prospects, how do you guide them on what’s kind of a sensitive topic? You were talking about how some prospects out there think that all they need is antivirus, but, you know, kind of sharing the scary news, but also, you know, wanting to be sensitive to the topic. What guidance do you give?
Greg Edwards: Well, and so the thing I mean, companies think that they’re already protected and that their MSP is taking care of all of that so they’re not at risk. So really, the best way to have that conversation is either to have a standardized stack. You just have the security stack that you update and you manage that stack for the client and it’s a bundled price. The other way to do it would be that this is the 2021 security offering that we have. And here are the products that you need. Currently, you don’t have ransomware after the fact detection tool. And so so really one of two ways we’re seeing probably about a 50/50 split in MSPs that we’re selling to that have that standardized stack already and just bundle CryptoStopper into that versus having to go out and sell it to their clients.
Daniel Graff-Radford: I love that as an approach, and when you can find those things that daisy chain into other offerings, like, you know, CryptoStopper being part of a broader security approach, that goes really well for the MSP that has sold a predecessor product, maybe great antivirus for inoculating, but then for the percentage that gets through, which is apparently a really high percentage CryptoStopper, becomes the second offering that you sell and that those sorts of things together make a lot of sense.
Greg Edwards: Yeah, and we’re even seeing clients having or seeing partners have their clients sign liability waivers, just saying here’s the standardized stack that we’re offering. If you don’t want all of these tools, you know, check the ones you don’t want, and please sign here that we offered it to you.
Daniel Graff-Radford: Like a 401k already opted in.
Greg Edwards: Or right. Right. Well, insurance agencies do that all the time. When they sell commercial liability insurance, they’ll have their clients sign off on the things that they said they didn’t want because when they have a disaster and the insurance doesn’t payout, they want to know that it was offered.
Daniel Graff-Radford: That makes a lot of sense. And so, you know, can you give any examples? I don’t know if you can probably not say names, but of, you know, an MSP that sold, you know, CryptoStopper to somebody and it helped them out in preventing a ransomware attack.
Greg Edwards: Yeah, yeah. Actually, we have a great case study with a law firm that the accounting person within the law firm opened a PDF file that was one of those renew involves emails that we all see get through the spam filter spam and virus filters. And she opened this PDF file and it started running a ransomware attack. And before she even I mean, she didn’t see that it was doing anything, but then got the CryptoStopper pop-up and said ransomware has been detected. You’re being shut down and shut down our station. The thing. So we have that about every six weeks or so. It’s becoming more that we’re seeing those kind of events happening. But it’s really a non-event. So in that case, the MSP restored a few files that were hit. Nobody else in the company even knew that they had had a problem. And that’s what you want right.
Daniel Graff-Radford: That makes a lot of sense to hate that it happened for her. But just to understand that. So your MSP sold a bundle of solutions to this law firm. It included the CryptoStopper. The woman at the law firm opened a PDF, as we all do every day, and it began a ransomware attack, CryptoStopper stopped that attack and stopping it. Then it limits the damage to what it gets in that less than a second, but then the overall network stays healthy. Is that right?
Greg Edwards: Exactly? I think in that instance, there were 6 files that had to be restored. So as opposed to because it would have continued. Right. I mean, it was attacking the network and that’s where the accounting person that opened it didn’t see anything happening because it just went straight after the network shares and started encrypting files. Had CryptoStopper, not been there, would have encrypted network you all of the network shares before anyone knew what was going on. Where someone goes to open a file and they can’t open it and they’re in mid-attack. But, you know, usually, it’s way too late by someone by the time someone realizes it’s running.
Daniel Graff-Radford: I think this is a great example. Great story. I really appreciate you taking the time to educate our listeners on your solution and why your channel first and how you work with the channel. I think we all learned a lot, but I’ve got final four questions for you. Here they go. If you had one superpower, what would it be and why would you choose that one?
Greg Edwards: Oh, wow. I think flight would be that superpower
Daniel Graff-Radford: That makes sense. And can you give us an example of a mistake and a success that you have had in the channel?
Greg Edwards: Sure. I think the simplest mistake is not going to the channel first. Once we did decide to go all-in on the channel, not engaging with the channel enough. And so then the success side of that was once we started really engaging, working with folks like you and going to channel-specific events, that’s when we really started to take off just in 2021.
Daniel Graff-Radford: Yeah. Partner engagement takes work, but yeah, that makes a lot of sense. And, you know, for people that aspire to one day be a leader like yourself of a company and a channel program, is there a book it can be a business book or any other book that you’d recommend to someone you know?
Greg Edwards: So it’s not a channel-specific book, but and this is an old one. It’s called the e-myth. The author is escaping me. But great, great book on why we as entrepreneurs go and start a company for the love of what we do. And then it turns into hatred for that. So how to how to organize your business and how to run your business so that love you know, for me it’s a love of technology that you don’t turn out hating that love and passion. Keep that passion alive.
Daniel Graff-Radford: Ok, that’s a good one. Haven’t had that one recommended yet.
Greg Edwards: It’s old it’s probably 20. I, I read it at least 20 years ago, so I bet it’s 30 or 40 years old.
Daniel Graff-Radford: All right. Now let’s try to predict the future five years from now. What will be the major changes in the channel that are happening right now that will affect us in the future five years?
Greg Edwards: Yeah, so the consolidation, that’s the big thing that’s, you know, has been going on for a while now. But I think we’re coming into a time now within the channel where the larger companies are buying up small companies like CyptoStopper. And I think that’s just going to continue to accelerate. And the good part of that is that we don’t have it now. But I see five to 10 years from now that we’ll have some really good products. That are, I don’t want to say silver bullet, but, you know, are that where you can go to one marketplace and buy a product that can be your entire stack from your arm to your security tools and have it all in that one pane of glass that we’ve talked about forever, I think actually maybe coming in the little over five years.
Daniel Graff-Radford: I think that’s a pretty bold prediction. Greg, I feel like security technology is one of those things. That’s an arms race. You know, you guys come out with CryptoStopper, someone comes out with some way to, you know, identify honeypots or, you know, like there’s you could be really interesting how this arms race continues. But I love this idea of a marketplace having trusted people in the MSPs that you can go to for these broad things. I think what you’re predicting makes a lot of sense. So to wrap things up, I just want to thank our guests, Greg Edwards from CryptoStopper. And as always, I want to thank our listeners for joining us here in the Partner Channel Podcast. If you like what you heard, subscribe to our podcast episodes wherever you listen to podcasts.