Colossal cyber attack: More than $600 million stolen from Poly Networks

  • webmaster
  • 13 Sep 2021

More than 200 businesses in the United States became the recent victims of a huge ransomware attack. Kaseya, an IT solutions provider, is one of the latest victims.

Kaseya develops IT solutions for enterprises and managed service providers (MSPs). On July 2nd, 2021, the IT firm was hit by a ransomware attack. The ransomware leveraged a weakness in the firm’s VSA software against several MSPs and customers.

Fred Voccola, CEO at Kaseya, stated that 0.1% of their customers were caught in the data breach. Since their client roster also contains MSPs, small businesses were also trapped in the attack. Current estimates indicate that up to 1500 small and medium-sized businesses were targeted by ransomware via their MSP. The latest attack is similar to the SolarWinds security breach. The attackers were able to break through the software and publish malicious updates to many customers.

More about Kaseya…

Kaseya is an international company with locations in ten countries. Its main headquarters is located in Dublin, Ireland. Kaseya has another head office located in Miami, Florida. Kaseya offers many types of IT solutions such as:

  • A combined remote-monitoring and management software that handles multiple endpoints and networks (VSA)
  • Compliance systems
  • Automation platform
  • Service desks

Kaseya’s software caters to MSPs and enterprises. According to the company, more than 40,000 companies around the world use Kaseya’s software tools. Since it provides tech to MSPs that work with other companies, Kaseya’s role is critical in the large software supply network.

The Attack

According to Huntress Labs, the cyberattack targeted Kaseya before proliferating via corporate networks that rely on its software. Huntress Labs further stated that the attack originated from REvil, a Russian ransomware gang also called Sodinokibi. It is one of the leading cyber-criminal gangs in the world. It was the gang responsible for the cyberattack in May that paused key operations at the world’s largest meat wholesaler, JBS. The organization pressures victims to comply with its demands. If a victim fails to do so, the gang attempts to post the stolen information on its website. In 2019, REvil was also responsible for the coordinated attack on more than twelve local government offices in Texas.

The United States Cybersecurity and Infrastructure Agency declared that it was taking strict actions to deal with the attack. This colossal cyberattack hit Kaseya on Friday afternoon. At that time, most American companies were getting ready to take a break for the long-awaited Independence Day holiday.

Supply chain attacks and ransomware hacks keep cyber-security staff awake all night. The latest attack was a combination of two nightmares rolled into a big problem. It ruined a major holiday for hundreds of people in the IT departments across the country.

Ransomware is a massive issue with repercussions on a global scale. These are planned attacks by organized cybercriminal gangs. They are constantly trying to gain access to networks around the world and hold them for ransom. These attacks are ongoing, but it takes a lot of effort and time to completely hijack a network.

The latest ransomware attack demonstrated that by targeting a software supplier that offers services to multiple other organizations, attackers can target thousands of other victims in a single attempt. Although there have been multiple supply chain attacks before, the latest one is the largest one to date. It demonstrates the creativity of these ransomware gangs and the extent of damage they cause.

According to Kaseya, some of its applications that operate on network devices, corporate servers, and desktop PCs were compromised. The company asked its customers who were using VSA tools to shut down their systems immediately.

In their official statement, Kaseya reported that only a few companies were affected by the latest ransomware attack. However, Huntress Labs found the number to be greater than 200. The exact figure is still unclear.

At the Geneva Summit, American President Joe Biden urged Russian President Putin to tighten the reins on these cyber attacks. He offered Mr. Putin a list containing names of infrastructure sectors that were vulnerable to such hacking attacks. The list includes various sectors such as energy and water.
