On July 2, the most widespread ransomware attack in history exploited Kaseya VSA, the remote monitoring and management (RMM) software from Florida-based provider Kaseya.
The Kaseya ransomware attack has affected approximately 1,500 small to medium-sized businesses and 50 Managed Service Providers (MSPs), according to ZDNet.
What happened during the Kaseya ransomware attack?
The ransomware hackers capitalized on a previously unknown vulnerability in Kaseya’s software, making this attack a zero-day exploit.
Kaseya’s software is used for remote monitoring and management of endpoints such as PCs, servers, and point of sale systems. Because Kaseya serves a global client base, the impact of the attack was magnified, compromising thousands of organizations in 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.
Who is responsible for the attack?
The Kaseya ransomware attack is being attributed to the Russian ransomware gang REvil (also known as Sodinokibi).
REvil made headlines last month by attacking U.S. meat processor JBS and demanding an $11 million ransom, and is known for evading anti-malware protections.
REvil is considered one of the top ransomware “big game hunters”, demanding ransoms that average in the millions, with the amount tied to the data they exfiltrate and the size of the organization.
Did Kaseya pay the ransom?
REvil initially publicly demanded $70 million to restore the data compromised in the Kaseya attack.
CNBC reported that a private message from one of the REvil gang’s affiliates indicated that a “universal decryptor” for all victims could be sold for $50 million.
None of the MSPs linked to Kaseya have paid any ransoms yet, but reports are circulating that some victims have paid.
How can future incidents like the Kaseya ransomware attack be prevented?
As attacks continue to make headlines and have more widespread implications, national and individual action must be taken to prevent them.
The recent spate of attacks linked to Russian cyber crime groups has led the U.S. government to announce that it will treat ransomware attacks with the same attention as terrorism.
Following the Colonial Pipeline ransomware attack, the White House has called for stronger cyber attack retaliation and collaboration between the government, public and private sectors.
A July 3 statement by the FBI provided clarity on how collaboration and reporting are critical to mitigating attack damage, stating “due to the potential scale of this incident, the FBI and CISA may be unable to respond to each victim individually, but all information we receive will be useful in countering this threat.”
Reporting a ransomware attack helps law enforcement agencies gather the intelligence they need to track attacks and bring cyber criminals to justice.
Reduce your risk of ransomware today
The Kaseya attack is an example of how large-scale, global attacks can affect small and medium-sized businesses, which often lack cyber security resources and protection.
Ransomware is a matter of when, not if. No matter your organization’s size or perceived risk, creating and continually updating your ransomware incident response plan is critical.
Protecting your organization with proactive cyber security practices will reduce your risk of becoming a victim of ransomware.
At Proven Data, we are committed to helping organizations navigate ransomware attacks and recover their data as quickly as possible. We want to help you safeguard data and devices to prevent ransomware attacks (we even produced a documentary about it with Fmr. FBI Special Agent Patrick Gray of the Computer Crimes Squad).
If you have been affected by a ransomware attack or would like to learn more about implementing proactive cyber security at your organization, reach out to our cyber security experts to get started.