What Happened?
Recently, there was a ransomware attack on Kaseya, a tech company out of Miami whose primary services involve providing a worldwide customer base with tech management solutions. The group behind the attack is called REvil, and they’re reputed to have been responsible for both the shutdown of a major meat processor and the Colonial Pipeline attack earlier this year.
What’s The Impact?
The fallout from this latest developing ransomware attack has impacted hundreds of Kaseya’s customers. In Sweden, there were grocery and pharmacy chains impacted, as well as a railway. These customers of Kaseya suffered direct impact from the ransomware.
The attack was noticed and addressed publicly as of July 2nd. Presently, it’s expected that approximately 36k companies have been in one way or another impacted by the attack on Kaseya.
As of July 7th, Kaseya is advising customers with on-premise VSA servers to remain offline until they receive the patch along with further security recommendations. On Sunday, July 4, Kaseya began advising some SaaS customers in Europe, Asia, and the UK to begin reactivating servers. Monday saw Kaseya begin advising the same in the United States for certain clients. Unfortunately, on July 6th they discovered an issue and will be delaying restoration of SaaS services until the evening of July 8th. Presently, the totality of the issue has not yet been resolved.
Preventative Measures
A detection tool was released to some 900 customers which reveals whether or not a compromise has taken place. This ransomware attack is presently being investigated by the FBI and the US Cybersecurity and Infrastructure Agency. For the majority of clients, returns in stages are being prescribed, at least with regard to Software as a Service (SaaS) server arrays whose functionality was diminished by associated precautions.
In order to avoid compromise if your company is involved with Kaseya tech solutions, look into any products related to VSA either directly or indirectly. This is where the ransomware is “centered,” so avoid using endpoint options related to VSA until Kaseya gives your company the go-ahead. The crux is, VSA is aimed at small to medium-sized businesses and is designed for remote monitoring solutions, as well as routine maintenance such as updates in security software.
The good news is, Kaseya has told the press that they are completely positive with regard to the genesis of this ransomware attack, and they’ve taken the proper steps to fix the issue. However, given how recent the event is at the time of this writing, it’s wise to remain cautious for a few more days at least. Ransomware, adware, and Trojan malware can hide until hackers activate them.
Safeguarding Operations
The threat of a ransomware attack won’t go away; at least that’s the expectation of those who make IT pursuits their professional business. The attacks will simply shift over time. Even large companies can be impacted. Why is this the case? Well, as new tech develops, so also do new ways of misusing that tech in an illegal manner. Accordingly, new threats follow new innovations. So to recap:
- Kaseya has addressed the issue and is beginning to restore services
- Presently, it’s wise to be cautious, given how recent the attack was
- Outsourcing tech security to cybersecurity experts is advisable
Improving Operational Security
Though Kaseya has addressed the REvil attack, you will want to remain cautious, and locally outsourcing tech security is wise. Also, you should train staff in best practices, and ensure all your data is properly backed up in a way that allows a secure reboot.