While many had the opportunity to rest, relax and recharge over the three-day holiday weekend, customers of software provider Kaseya were interrupted by the news of the largest ransomware attack on record—one that has affected close to 1,500 customers thus far.
The attack—reportedly carried out by the REvil ransomware gang from Russia—was announced by Kaseya in an update posted to their help desk page on Saturday morning. In the release, Kaseya stated that “Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to our teams’ fast response, we believe that this has been localized to a very small number of on-premise customers only.”
REvil isn’t a new name in the ransomware world. Last month, the cyber gang collected $11 million after JBS—the world’s largest meat processing company—paid a ransom to avoid supply chain disruptions.
But the attack on Kaseya could have broader implications, as the company sells to managed service providers (MSPs) who themselves have downstream customers of their own. When including the customers that buy the software from an MSP, it’s been estimated that Kaseya provides software for 800,000-1,000,000 customers globally.
The Extent of the Damage
While early estimations cast a wide net, others in the industry think the initial approximations may just be the tip of the iceberg. “Given the relationship between Kaseya and MSPs, it’s not clear how Kaseya would know the number of victims impacted,” said Jake Williams, Chief Technical Officer of the cybersecurity firm BreachQuest. “There is no way the numbers are as low as Kaseya is claiming though,” said Williams.
The particular tool that was hacked by REvil is called “VSA,” which automates IT duties such as security/software updates while remotely maintaining a customer’s network. Ironically, the same tool Kaseya employs to protect their customers’ networks was re-engineered to distribute the ransomware.
The timing was no coincidence either. With many IT staffs depleted from Fourth of July vacations, REvil attacked when the defense was most vulnerable. “There’s zero doubt in my mind that the timing here was intentional,” said Williams in an interview with the Associated Press.
Once the threat was recognized, Kaseya immediately contacted the Federal Bureau of Investigation (FBI) and The Federal Cybersecurity and Infrastructure Agency (CISA). “This is a collaborative effort to remediate the issue and identify the parties responsible so they may be held accountable,” said Kaseya’s CEO Fred Voccola in a press release on Sunday. “While each and every customer impacted is one too many, the impact of this highly sophisticated attack has proven to be, thankfully, greatly overstated,” said Voccola.
While the root cause of the threat and an estimated reach have been determined, Kaseya, CISA and the FBI all warn against letting our guard down. “It’s important to remain vigilant. Our guidance continues to be that users follow Kaseya’s recommendation to shut down VSA servers immediately, to adopt CISA’s mitigation guidance, and to report if you have been affected to the IC3 (Internet Crime Complaint Center).”
It’s just the next domino in a recent surge of cyberattacks that have crippled companies big and small. Jesse Charfauros, Founder and CEO of restorVault, has seen an uptick in customers seeking to safeguard their file server data. “We are now seeing a number of our Trusted System compliance customers engaging us to protect their file server data as well, with our Secure Cloud Backup solution which is also immune to Ransomware,” said Charfauros.
“By offloading inactive data from primary servers, companies reduce the amount of data that can be attacked with ransomware—all while improving server performance and extending its server storage lifespan,” said Charfauros.
While the Trusted System Mandate for counties in California has spurred some commercial companies to seek viable solutions to manage business records, the recent wave of cyberattacks has caused many organizations to hit fast-forward on data security initiatives that may have been on the back burner. Unfortunately, some organizations are only prioritizing cybersecurity after becoming a victim themselves.
What Safeguards are Available on the Market?
This “pay now or pay later” dilemma has fast-tracked many cybersecurity efforts, yet many organizations still remain extremely vulnerable. A simple phishing email, automatic update or malicious link could freeze operations for an entire organization, as the enemy is evolving at a rate that our traditional security protocols have struggled to keep up with.
There are several avenues available on the market today designed to protect assets and data, but many are implemented too late. If it’s time for your organization to get serious about cybersecurity, contact the team at Western Integrated Systems and we will tailor a solution that fits your business needs now and into the future.