The words cyberattack and cybersecurity are becoming common around the web as both topics get more and more attention. With most of us spending more and more time online, it’s something that we all must look out for and prepare for.
Just ahead of the July 4th holiday weekend, instead of celebrating independence, one software company spent the day trying to clean up an attack. We’re talking about the Kaseya VSA ransomware attack, which has been linked to more than 1500 companies according to investigations so far. Below, we’ll get into the details and line up a few things that you can do to keep yourself safe.
What Is a Ransomware Attack?
The attack was launched using ransomware, a form of malicious software that leaves the affected system unusable. Ransomware works by capturing a computer system and encrypting it in a way that companies are unable to decipher. With all data encrypted, the attackers send out a message seeking payment in exchange for the return of the data, sometimes destroying everything in their path if companies do not comply.
Most of the time, ransomware attacks and other common cyberattacks work by homing in on a vulnerability within a system, with sophisticated hackers launching an attack that can exploit it. In the case of Kaseya, investigations found that the ransomware was able to attack their supply chain due to a vulnerability in their software used by managed service providers (MSPs).
The Tactic
Because the vulnerability was found in the MSPs, many of Kaseya’s clients were in the clear. However, it was all of their smaller business associations that got attacked, with the total at 1500 and counting thus far. The attackers took advantage of the fact that Kaseya is constantly sending and receiving data. Because their attack surface is large, hackers had plenty of opportunity to spot weak configurations and capture data.
As soon as these sophisticated cyber criminals were able to gain access, it was just a matter of time before they had malicious software and payloads running. With the malware in place, it took little to no time for attackers to encrypt all the data, making it unreadable and inaccessible, and to demand money in exchange for the decryption key.
The Outcome
It could have been much worse. Kaseya sent out a mass message to all its clients recommending that they shut down their VSA servers in order to keep themselves safe from a potential attack. As a result, the damage was far less than it could have been, with Kaseya’s cybersecurity professionals taking over and getting to the bottom of the attack quickly.
Though many were quick to act, that didn’t stop some customers from falling victim to malicious updates. Prompted to update, several users clicked “ok,” causing their computers to become infected as well.
Who Was Affected?
All of this happened in just a matter of days, leading Kaseya to analyze the outcome. What they found was that fewer than 40 customers were victims, though it was the small companies that were the most affected. These small companies also hold client information in their databases, something that, if exploited, would lead to even more damage and higher costs.
Still, company representatives say that there was really no harm done and that their online infrastructure is still standing strong, claiming that they have everything ready and patched up to keep moving forward. They are lucky to have found and stopped the spread so fast, helping to avoid other consequences that could have followed if the ransomware had been left to spread even just a few minutes longer.
The Culprit
After further investigation, the attacks were pinned on the cyberattack group known as REvil. This group has made a name for itself in the world of cyberattacks, with victims including big names like JBS and Acer, just to name a few. Because it was a ransomware attack, the group demanded money from many of the associated companies and sent Kaseya a ransom demand for the bitcoin equivalent of $70 million to purchase the master key that would decrypt the data of all parties infected.
The Aftermath
While this was not a tragic case in terms of ransomware attacks, it was a telling sign that cybercriminals are out there lurking, on the hunt for opportunities. Though it may cost companies millions in the end, that is nothing compared to the amount of damage that could have ensued if customers’ information had been captured as a result.
The company is back up and running and says that all things are patched up and their system is safe and sound. Though that sounds good, attacks like these always leave users cautious and can drive down business and confidence.
How To Prevent Ransomware Attacks?
With all this talk about ransomware attacks, many out there are looking for ways that they can be prevented. Prevention must start long before an attack, with companies taking approaches both inside and outside of their infrastructures.
Plus, nowadays, companies are having to look for active threat management that will allow for swift response and vulnerability management that will stop attacks long before they start. Rize Technologies has created a data-driven approach to spotting risks and managing threats that helps keep them far ahead of attackers. Through continuous auditing, they work to find gaps that hackers could take advantage of, taking care of them before they’re exposed to those who could wreak havoc.
Take A Lesson from the Kaseya VSA Ransomware Attack: Protect your Webspace
The frequency of cyberattacks is increasing, and unfortunately, so is their intensity. As we go further into a digital world where all things are happening online, both businesses and individuals need to be more careful in their approach to online security. Companies with breaches that expose personally identifiable information of their clients could face large lawsuits, losing money due to a soiled reputation and a halt to business.
Perhaps this event and many others are there to serve as a warning, showing the prevalence and the seriousness of a security breach. It cautions us to pay attention to our growing attack space and take steps to follow a more aggressive approach to securing our webspace.