On July 2, 2021, cybercriminals belonging to REvil committed one of the most sophisticated cyberattacks we have seen in recent years.
Over the American Independence Day weekend, Kaseya, a common IT monitoring tool used by many IT support and managed service providers, announced it was the victim of a cyberattack.
Because Kaseya is a major player in the IT space for securing and monitoring computer networks and systems, its tool, Kaseya VSA, was a prime target.
Kaseya VSA is a “unified remote-monitoring and management tool for handling networks and endpoints.” The hacker group out of Russia (REvil) was able to gain access to the thousands of computer endpoints and networks under Kaseya’s care.
*NOTE: Attain Technology does not use Kaseya tools. All of our clients are protected. We use multiple, highly sophisticated tools with many layers of redundancy to prevent being crippled by events like this. But it is still a shot across the bow and a warning for businesses to ensure their data and networks are safe. It is becoming even more imperative that businesses invest in business continuity and disaster recovery services to protect themselves from events like this.
Who Was Affected By The Kaseya Ransomware Breach?
Kaseya VSA is delivered in two different formats: a cloud-based SaaS solution and an on-premises solution.
The on-premises solution was directly attacked by bypassing a login, gaining access to the system and force-installing a corrupted update onto the machines (endpoints) of MSPs and their clients.
While the attack was caught and stopped by Kaseya engineers before it replicated and was installed into their cloud SaaS solution, it affected around 40 of their on-premises customers, who were using the Kaseya software to protect 800-1,500 of their customers.
One of the worst hit was a grocery store chain in Sweden. According to reports, Coop supermarkets had to close temporarily because they were unable to access their cash registers.
To protect its 40,000 customers, Kaseya shut down its entire system, both the SaaS solution and the on-premises solution.
Kaseya engineers have been working around the clock to resolve this issue, but at 12pm EDT on July 7, they still hadn’t been able to bring their systems back online.
This is a 5-day span where all Kaseya customers have been without protection and have been crippled by this incident.
The 800-1,500 customers who were infected with ransomware are still awaiting a resolution.
Who Is Responsible For The Attack?
Around the world there are various criminal organizations who have learned to make obscene amounts of money by attacking computer networks and the computer endpoints of small, medium-sized and large enterprise businesses.
No business is safe from these attacks and no one can stop you from being attacked. But you can protect your data and keep your business from suffering a ransomware attack. Contact us at 401-298-9838 and we can explain your options.
The most common and well-known ransomware crime families are: REvil, Locky, WannaCry, Gandcrab, Cerber, NotPetya, Maze and Darkside.
On Sunday, July 4th, REvil asked for $70 million in exchange for a universal decryption tool that they claim will unlock all of the machines they are holding ransom.
The only problem is, they have been known to lie. They are criminals after all. There have been plenty of instances where a business paid the ransom to get their data back only to be given a decryption tool that didn’t work. In several cases, business owners paid the ransom and were given a tool that decrypted their data, only to have REvil immediately attack them again and lock them out of all their data again.
In response to this attack, REvil made a statement:
“Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities – nobody will not cooperate with us. Its not in our interests. If you will not cooperate with our service –for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practice – time is much more valuable than money.”
And even though Kaseya will rectify this and will return all of their clients to working order, their clients were down or unprotected for a minimum of 5 days.
There are many ways to measure the impact, and it will surely affect every Kaseya client in some way, but it is also going to be devastating to many businesses like Coop supermarkets.
What Can You Do To Protect Your Business?
You should want to protect your business from ransomware attacks.
With each successful attack, these ransomware groups get more sophisticated and brazen.
Because of technology, the future will require businesses to have a strong, dependable system that protects them from cyberattacks and ransomware attacks like the one committed against Kaseya.
That’s why you need to have a solid business continuity and disaster recovery solution in place. And you can now.
At Attain Technology, we continue to research every IT tool and vet every solution to ensure our clients are safe and protected. We have identified the most robust, complete solutions that ensure you stay protected.
With our business continuity and disaster recovery solution we not only protect your data with redundant copies of redundant copies that are constantly, incrementally updated – we can also replicate your entire network virtually.
This means that if your system were attacked, it would be instantly locked down, and your computer endpoints and users could be running their programs, saving files and accessing data from a remote location. It’s called virtualization.
Virtualization, along with incremental data backups and more, gives us the ability to protect your business and data in a way that others just can’t.
If you are concerned about ransomware attacks, security breaches and cybercriminal syndicates holding your business hostage, contact us at 401-298-9838 today.
We will show you how to protect yourself and your business with multiple levels of protection. Then you can rest easy knowing that even though you probably will still be attacked by cybercriminals, those cyberattacks and ransomware won’t significantly impact your business.
And while some incidents can cause 30 minutes to an hour of downtime, over 90% of businesses don’t even notice anything happened. We are able to lock it down that fast.