At the onset of the July Fourth holiday, bad cyber actors infiltrated the systems of Kaseya, a Florida-based IT firm, and successfully launched a crippling ransomware attack. They managed to encrypt and seize vast amounts of data and demanded $70 million for its release.
The hack, which CBC News calls “the biggest ransomware attack on record,” is just the latest in a series of several recent ransomware incidents. It confirms that ransomware is here to stay and is getting worse by the day. In this article, we give you an account of how the Kaseya ransomware attack happened and steps to keep your organization safe.
On July 3rd, Kaseya released a compromised QFE update and propagated it using its VSA servers. The hotfix carried the Sodinokibi ransomware payload, and every client who downloaded it had their servers and shared folders immediately encrypted and compromised.
The cyberattackers were very deliberate in targeting Kaseya VSA, a remote network management software used by MSPs and cybersecurity vendors to manage hundreds of client systems. First, this gave them a chance to infiltrate the networks of hundreds of businesses at once. Second, VSA has broad access and performs many routine tasks, making it an ideal backdoor that is hard to monitor.
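The attack's visible symptom on victim networks was the one the article describes: servers and shared folders rewritten as encrypted files within minutes of the hotfix landing. The following is an added example (not LeadingIT's code, and not related to any Kaseya tooling) of a detection check a defender can run over file-write telemetry such as an EDR or file-server audit log produces. The event format, host names, paths and thresholds are assumptions; the input is constructed inline so the script runs offline.

```python
"""Flag ransomware-style mass encryption of a shared folder from file-write telemetry.

Added example, not the article's or LeadingIT's code. Event records are an assumed
format: dicts with ts (datetime), host (str), path (str) and sample (bytes written).
"""
import math
import random
from collections import defaultdict
from datetime import datetime, timedelta


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample: encrypted output sits near 8.0, plain text near 4.5."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_mass_encryption(events, window_seconds=60, min_files=20, entropy_threshold=7.0):
    """Return one alert per host that wrote >= min_files high-entropy files inside one window.

    A single encrypted file is normal (archives, images); a burst of them from one host
    against a share is the signature the article describes, so we alert on the burst.
    """
    suspicious = defaultdict(list)
    for ev in events:
        if shannon_entropy(ev["sample"]) >= entropy_threshold:
            suspicious[ev["host"]].append(ev["ts"])

    alerts = []
    window = timedelta(seconds=window_seconds)
    for host, stamps in suspicious.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Slide the window start forward until it spans at most window_seconds.
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= min_files:
                alerts.append({"host": host, "window_start": stamps[start],
                               "files": end - start + 1})
                break  # one alert per host is enough for triage
    return alerts


def build_sample_events():
    """Constructed telemetry: one normal workstation and one host encrypting a share."""
    rng = random.Random(7)  # seeded so the sample is reproducible
    base = datetime(2021, 7, 2, 14, 0, 0)
    events = []
    # Benign: five document saves spread over ten minutes, low-entropy text.
    for i in range(5):
        events.append({"ts": base + timedelta(minutes=2 * i), "host": "ws-22",
                       "path": f"\\\\fs01\\finance\\report{i}.docx",
                       "sample": b"Quarterly revenue summary, draft " * 40})
    # Malicious: thirty files rewritten as high-entropy blobs within twenty seconds.
    for i in range(30):
        blob = bytes(rng.getrandbits(8) for _ in range(4096))
        events.append({"ts": base + timedelta(seconds=i * 0.66), "host": "fs01",
                       "path": f"\\\\fs01\\shared\\file{i}.xlsx.locked",
                       "sample": blob})
    return events


if __name__ == "__main__":
    for alert in detect_mass_encryption(build_sample_events()):
        print(alert)
```

The thresholds are deliberately conservative: twenty high-entropy writes from one host within a minute is well above what backup jobs or ordinary users produce against a share, and tuning them per environment is the main work of deploying a rule like this.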
The attack has a lot in common with the infamous SolarWinds supply chain attack. They both compromised updates through vulnerable, internet-facing servers to target several organizations at once. However, unlike in the SolarWinds hack, there’s no indication whatsoever that the hackers compromised Kaseya’s infrastructure. Also, the Kaseya attack is financially motivated, unlike the SolarWinds hack, which was straightforward espionage, so there’s no telling the extremes to which the attackers can go in pursuit of ransom.
REvil, one of the world’s most notorious ransomware gangs, claimed responsibility for the attack. They went ahead and demanded up to $70 million as ransom. Some of the victims are currently actively negotiating with the hacker group.
According to REvil, they have infiltrated and gained control of more than a million networks. However, as of July 6th, Bleeping Computer reported that the attack affected about 60 of Kaseya’s direct clients, compromising systems of between 800 to 1500 organizations downstream. By any standards, these figures are massive, placing the hack on the list of the worst ransomware attacks of 2021 so far.
Unless you are a Kaseya client, either directly or indirectly through an MSP, there’s no need for alarm. However, the attack will undoubtedly have cybersecurity experts worried.
The hackers used high-level planning and sophisticated execution that bears the hallmarks of a government-sponsored hacker group. They adopted two new tactics that bad cyber actors have never used anywhere around the world. Worst of all, they even deployed a zero-day, a software vulnerability that the developers had not yet noticed and therefore had no fix for.
Although REvil, best known for its attack on JBS, has been active since 2019, they have only been attacking single organizations. Therefore, its weekend supply chain hack caught cybersecurity experts by surprise. The hacker group did not target one organization or a single IT support company; it went after a software company with thousands of customers.
So far, the most significant casualties are 11 schools in New Zealand, a Swedish store that was forced to a standstill for more than 24 hours, and a few smaller U.S. businesses.
The first step is to assume that you are always the next target—nobody is safe. Consider implementing the following safety protocols:
©2022 LeadingIT. All Rights Reserved.