Ransomware Hits Kaseya VSA: Impact On San Jose Business
Cybercriminals hit the headlines again, this time affecting a multitude of businesses that use Kaseya VSA. The attack comes after a series of ransomware attacks on critical infrastructure in the United States, including the Colonial Pipeline and the world’s largest meat producer, JBS. The report was released by cybersecurity company Huntress Labs, and Kaseya said it was investigating the attack.
In a similar incident in 2019, hackers may have exploited remote monitoring and management software from Kaseya to access an MSP-centric cybersecurity console from Webroot. Both companies said that the attack involved compromised credentials rather than software vulnerabilities or breaches in the software. For added security, Webroot went ahead and activated a two-factor authentication service.
How Did the Attack Happen?
The recent attack, a few days ago, was not very different. According to Kaseya, hackers attacked the company’s virtual system/server administrator (VSA), a tool that many IT professionals use to monitor and manage desktops, servers, printers, and network devices. In response, the company shut down its infrastructure to reduce the effects of the attack. It also urged VSA users to do the same.
According to cybersecurity experts, the hackers behind the attack belong to the REvil gang, one of the most significant Russian-speaking ransomware syndicates. The group took advantage of a network-management package and used it as a conduit to spread the ransomware via cloud-service providers. The attack saw many computer networks paralyzed. The situation was made worse by the fact that many people were away from their offices because of the July Fourth holiday weekend.
The Extent of the Ransomware
John Hammond from Huntress Labs said that he was aware that many managed services providers were affected by the attack. As such, it’s only reasonable to imagine that several small businesses also suffered the attack, with their data being encrypted until they pay off the attackers. He based his estimates on the number of service providers that reached out to his company for help. This is in sharp contrast to what Fred Voccola, the CEO of Kaseya, thinks. According to him, the attack affected fewer than 40 of the company’s customers. However, he quickly added that hundreds of other companies that rely on Kaseya’s customers for services could also be affected.
He went on to say that the problem only affected on-premise customers, who are mainly organizations that run their own data centers. This means cloud-based services that provide customer support were not affected, although Kaseya also shut down those servers as a protective measure.
According to the Senior Security Researcher at Huntress, John Hammond, the attack was colossal and devastating on the supply chain. The technique used was high profile: the hackers hijacked one piece of software to hold hundreds, if not thousands, of users to ransom simultaneously. Since Kaseya is plugged into everything from small to large enterprises, the attack can potentially spread to a business of any size or scale.
Response to the Attack
In his statement, Voccola added that the company had identified the source of the vulnerability. The company would work on releasing a patch to ensure their customers resume operations as soon as possible. He cautioned customers affected by the ransomware against clicking on any links if they receive communication from the attackers.
An analyst from Gartner, Katell Thielemann, notes that Kaseya quickly took action and reacted with an abundance of caution. However, the response was a bit complicated since the attack took place at the beginning of a major holiday weekend in the United States. During such times, most corporate IT teams are understaffed. Organizations often find themselves in a situation where they can’t immediately address other security vulnerabilities. Companies that use Kaseya VSA were also exposed to the worst possible situation, as they had to race against time to get updates on other critical bugs.
Unfortunately, the incident was designed for maximum impact, involving a ransomware attack and a supply chain attack. The timing also seems to have been planned for the holiday to achieve the greatest effect. Supply chain attacks typically target widely used software, and once they gain access, they spread malware as the software updates itself automatically. They have become a priority item for cybersecurity experts.
Security Experts’ Involvement
The Cybersecurity and Infrastructure Security Agency (CISA) said that it was working around the clock to monitor the situation. It was also collaborating with the FBI to gather more information about the impact of the attack. In its statement to the public, CISA urged all affected businesses to shut down their servers immediately. VSA is a system that remotely manages and monitors a customer’s network; Kaseya has its headquarters in Miami.
Experts say that the group behind the Kaseya VSA attack was the same ransomware provider linked to the attack on JBS. That incident also took place over a holiday weekend, the Memorial Day weekend of May 2021.
The REvil gang has been active since April 2019. Its primary operation has been to provide ransomware as a service to others in its network. This means that it develops software that it later leases to its partners in crime to paralyze targeted networks. After the gang’s affiliates earn payments in the form of ransom, REvil gets its lion’s share of the loot. For example, reports have it that in the JBS attack, the company paid an equivalent of $11 million in ransom. Such are the incidents that have escalated calls by U.S. law enforcement to bring cybercriminal groups to justice.
Ransomware Protection In San Jose
The Kaseya attack is one among many that have made news in the recent past. They serve as an excellent example to show that no business system is exempt from cybersecurity issues. There is no better time to be proactive about the safety of your business networks, systems, and devices than now. If your business was one of those affected, be sure to follow the stipulated guidelines from experts and Kaseya, and look out for the security patch release.
For businesses that want to assess their systems and networks for loopholes and vulnerabilities, we recommend using expert help. At BC Networks, we offer managed IT services in San Jose and the Bay Area, working around the clock to ensure your systems are safe. Contact us today, and talk to us about your business IT needs as your trusted partner.