MSP and Vendor Named in Lawsuit Following Ransomware Attack


April 1, 2024

World map

A recently filed lawsuit by law firm Mastagni Holstedt against managed service provider (MSP) LanTech LLC and data backup provider Acronis seeks more than $1 million in damages, alleging the companies failed to protect the firm from a disruptive ransomware attack.

“The lawsuit claims that the plaintiff and LanTech entered into an oral agreement in which the MSP was to ‘provide monitoring service, advice, installation, selling cloud backup and picking and selling software and hardware’ for Mastagni,” MSSP Alert reports.

Mastagni suffered a “major outage” that they assert lead to the loss of “access to its servers and data,” and is seeking to hold LanTech responsible for the ransomware infection.

“Thereafter, a ransom demand was made by a group known as Black Basta for plaintiff to recover access to its data. The law firm attempted to recover its data through the Acronis backup system but discovered that its data backup had been deleted.”

It has not been confirmed whether the attackers exfiltrated sensitive data from Mastagni, which could make the firm itself the target of further lawsuits by clients.

Takeaway: If the ransomware attack does not kill a business, the legal and regulatory fallout certainly could. As we see with each new lawsuit, liabilities stemming from ransomware attacks can go far beyond the cost of incident response and recovery actions.

On average, a ransomware attack costs more than $4 million to fully remediate, but these estimates do not include potential losses from lawsuits and other tangential costs like damage to the brand, lost revenue, lost production from downed systems, and other collateral damage, such as intellectual property and regulated data loss.

Most ransomware attacks today include data exfiltration prior to the encryption of systems. The stolen data is used as leverage to compel the victim to pay the ransom demand with the threat of releasing or otherwise exposing the data if payment is not made.

These double extortion schemes may also involve the demand for an additional ransom payment to ensure the data is not leaked or sold on the dark web. The exposure of this data in ransomware attacks is more often leading to lawsuits, some reaching class-action status.

Attackers are getting more proficient at automating aspects of the attack progression by exploiting known vulnerabilities for initial access, stealing credentials, fine tuning evasion techniques, and improving stealthy payload delivery - so we will likely continue to see an escalation in attacks and their fallout.

Organizations who handle sensitive and regulated data need to assure they are doing their due diligence in implementing the correct security controls and conducting regular assessments and tabletop exercises.

As far as determining responsibility for the attack, anyone who knows anything about cybersecurity understands that a determined attacker with enough time and resources will eventually be successful in penetrating a target.  

So, it is surprising that an MSP would enter into a verbal agreement that does not clearly define the services to be delivered and the limits of the technologies employed.  

Security is not an objective state in the binary sense – secure or not secure. Security is an ongoing process to reduce organizational risk. For both service providers and their clients, it is imperative to clearly define service level agreements and their limits.

As everyone from business leaders to the US government struggle to find ways to address the relentless onslaught of ransomware attacks, we will continue to see more finger pointing and efforts to deflect liability by making a case for a legal or regulatory scapegoat for these disruptive attacks. is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.