On Friday, July 2nd over 1000 Managed Service Providers and their customers were affected by a massive REvil ransomware attack through Kaseya Software System. It is important we acknowledge this event to create awareness within our community. This event impacts many businesses who outsource their IT to a Managed Service Provider who use the Kaseya software tool. In this post, we’ll explain what has reportedly happened, how it may affect your company, and provide four tips for what to do next.
What Happened
A REvil ransomware attack on one of the top IT software firms Kaseya occurred just after Canada Day and has reportedly hit one million “systems”. The total has not been verified and the exact number of victims is unknown. However, the victims do include 500 Swedish Coop Supermarkets and 11 schools in New Zealand. Reporters are calling it a “Supply Chain” attack which initially targeted Kaseya before spreading through corporate networks that use the software. Kaseya provides software to Managed Service Providers. This is a tool used to manage remote connections into client’s computers which implies the list of victims is much greater than what Kaseya has previously determined. The gang who used the REvil ransomware service to attack IT firm Kaseya and its customers have offered a universal decryption key at a record price of $70 million, if anyone wants to pay for it.
Apparently, the vulnerability in Kaseya’s system was known and “good hackers” were working to resolve it before “bad hackers” got in. Unfortunately, in this case, REvil (the bad hackers) reached the target before the vulnerability was resolved. This goes to show just how skilled and determined these cybercriminals are.
What This Means For You
For our customers, we are not affected by this attack as we do not use Kaseya software. However, we are paying close attention to these events as they unfold to see what we can learn.
If you are a business that outsources your IT to a Managed Service provider that uses the Kaseya software, it’s quite possible you have been affected by this ransomware attack. We have heard of some businesses being down for 3 days. We understand this is a very frustrating and stressful situation.
What You Should Do Now
It is important to understand that an attack like this can happen to any company and it is very unfortunate that it has impacted many businesses. Here are four tips on what to do next:
1. Ensure you have an appropriate cybersecurity insurance policy
A simple liability insurance policy excludes claims like theft of funds, ransomware, or cyber extortion. Therefore, it is important to have a comprehensive, stand-alone, cyber policy. Ensure that your business has appropriate insurance in place. When finding the policy that is right for your business, the factors that impact the policy limit would be the industry you serve, your reliance on IT, the size of your workforce, and the type of data you store.
2. Don’t let your guard down!
Work with your team of IT professionals to ensure the business has the right level of protection against threats, whether that is an internal team, a Managed Service Provider, or a hybrid team. You should seek to understand the business’s current threats and their impact on the business and decide if the business needs more or less protection.
3. Ensure you have a response plan
An incident response plan ensures that your organization is prepared to respond to and recover from a cyberattack. An effective plan limits disruption to internal services, clients, and partners, and reduces data loss and reputational damage. You should ensure that your business has a response plan and understands the role each individual plays in the plan.
4. Look at your options
It is wise to seek out information from your current provider and ask important questions on not only what they do to keep your business safe but also what they do to keep their own business safe.
Do you need support or have any questions?
To avoid being a victim of a security breach, ensure your IT defenses are the best and rest easing knowing you are protected by an Edmonton IT company that puts your cybersecurity as a top priority. Contact Yardstick Technologies to learn more about how we can secure your network and assist you with your IT cybersecurity needs.
Huntress Labs is working closely with Kaseya to support businesses affected by this attack. You can keep up with the updates here.
