Hackers breach MSPs and use Webroot SecureAnywhere console to infect customer PCs with the Sodinokibi ransomware. https://www.zdnet.com/article/ransomware-gang-hacks-msps-to-deploy-ransomware-on-customer-systems
