Customers trust OpenDNS to protect them against the latest online threats, but sometimes infections sneak in as binary email attachments or on thumb drives. To address these botnet threats, OpenDNS blocks the malware’s ability to communicate with the command and control server and prevents it from getting encryption keys, updates, or attack instructions. This cripples the malware and prevents it from causing harm while giving IT valuable time to address the issue.
Sagiss, one of our valued Managed Service Provider (MSP) partners, recently told us a real-world story of how OpenDNS contained CryptoLocker, a piece of ransomware. Sagiss is one of the world’s top 100 MSPs (MSPMentor 100) and has been delivering proactive IT for thousands of users in Dallas, Fort Worth, and the Mid Cities since 1992. Sagiss has been using OpenDNS to protect their customers for over 3 years, and CTO Jim Lancaster tells us of a recent event where, “OpenDNS saved our bacon.”
“Anti-Virus was deployed, updated, and functioning normally last week when one of our customers received what looked like an internal email indicating she had received a voicemail message,” Jim explains. “She clicked on the voice-mail attachment and when nothing happened, she forwarded it to the office admin to figure out why she couldn’t play it and promptly forgot about it. Then, OpenDNS detected a sudden spike in blocked botnet activity so we proactively reached out to the customer to investigate.”
Lancaster had his team take a closer look at the computers whose botnet queries OpenDNS had blocked. “We discovered that her laptop was, in fact, infected with CryptoLocker, but the threat was contained and we were able to easily clean it before it encrypted any files. A second infected machine turned out to be a personal machine owned by the office admin. When she had received the forwarded voice-mail message, she tried to be helpful and open the attachment to see if it would play.”
The fake voicemail attachment is an example of how hackers use social engineering to infect users. Thanks to OpenDNS, however, the infection was contained. “We swept the network and found no other trace of CryptoLocker and, most importantly, no encrypted files.” By containing the infection with OpenDNS, the Sagiss team was able to avoid any customer impact and remove the infection in just a few minutes instead of facing a choice of paying a ransom or spending many hours restoring the computer from backup.
Learn how Umbrella for MSPs can help keep your customers’ networks and devices safe from infections. Our MSP team will also be exhibiting at IT Nation (Booth 314) and the HTG Peer Conference (Booth 518) in Orlando, FL this November, so be sure to stop by for a live demo! I’ll be speaking at both conferences—check your agendas for more details.