KASEYA RANSOMWARE ATTACK
Ransomware is on the rise and is not going away any time soon. Kaseya, a U.S. IT solutions and technology provider for MSPs (managed service providers) and enterprises, suffered a devastating ransomware attack early this month. A hacking group in Russia carried out a supply chain ransomware attack by exploiting vulnerabilities in the company’s VSA software, its RMM (Remote Monitoring and Management) tool for endpoint management, protection and network monitoring. The Kaseya ransomware attack means that both MSPs and, by extension, their clients became victims of the breach. And this may just be the beginning with the worst yet to come…
WHO WERE THE HACKERS?
Who were the infiltrators behind the Kaseya ransomware attack? Russian hacking platform REvil (Ransomware Evil) and its affiliates have claimed responsibility for deploying the attack, which paralyzed a global treasure chest of client data, and are demanding a massive $70 million for its safe return. REvil is a private RaaS (Ransomware-as-a-Service) operation. Its notorious hacking history includes:
- attacking an Apple supplier and stealing confidential diagrams of upcoming products in April 2021
- demanding $42 million from President Trump as ransom for a collection of emails in May 2020
- releasing legal documents related to American singer Lady Gaga, also in May last year
In May 2021, JBS S.A., a Brazilian company that is the world’s largest meat processing company, was forced to temporarily shut down its beef manufacturing plants in the United States, following an alleged REvil ransomware attack. The White House and the FBI confirmed that REvil were the culprits. A few days later, JBS paid the ransom of $11 million.
WHO WAS HIT?
Sources estimate that 800 to 1,500 small to medium-sized businesses (SMBs) in the United States and across the globe were hit by the Kaseya ransomware attack, although independent IT researchers fear the number may be as high as 2,000. Kaseya CEO Fred Voccola stated that less than 0.1% of its customers were ensnared by the attack. Victims ranged widely and included schools in New Zealand and supermarkets in Sweden. According to the White House, the attack in the United States was limited and contained.
WHY IS THE KASEYA RANSOMWARE ATTACK SO BAD?
Kaseya regularly releases updates or patches for its software to improve the IT security of its clients’ networks. In the case of the Kaseya ransomware attack, the updates were laced with malicious code that spread into the systems of SMBs. Doug Schmidt, a professor of computer science at Vanderbilt University, stated:
“This is very scary for a lot of reasons – it’s a totally different type of attack than what we have seen before. If you can attack someone through a trusted channel, it’s incredibly pervasive – it’s going to ricochet way beyond the wildest dreams of the perpetrator.”
What is truly scary is that the Kaseya ransomware attack shows that not even MSPs are secure from cybercriminal activity. What would happen to global IT systems should a breach of a much larger scale occur?
IS PAYING THE RANSOM A SOLUTION?
To pay or not to pay – that is the question. Voccola has yet to confirm whether or not Kaseya will pay the $70 million to REvil and its associates. If the ransom is paid, a precedent will be set for even stealthier and more comprehensive attacks on global business IT. He said:
“When hackers are assured they are going to get paid, and not going to get caught, they get a lot more brazen. We are going to see a major, major escalation in these kinds of attacks. This is going to get a lot worse.”
Remember that when a ransom is paid, it aids and abets further cybercrime. Hackers have more money, can buy better equipment, and can afford to employ highly skilled hackers. We need to do everything we can to make sure that the worst is not yet to come.