A new ransomware attack has surfaced, this time mostly targeting IT companies and their clients. The attack is specifically targeting the Kaseya platform. Kaseya is management software that many IT companies use to remotely manage and support technology. The attack in question attacked Kaseya’s supply chain through a vulnerability in its VSA software; this attack is notable because of how it targeted the supply chain, not only striking at the vendor’s clients—notably IT companies—but also their customers. Basically, this attack had a trickle-down effect that is causing widespread chaos for a massive number of businesses.
Let’s dive into the details and see what can be learned from this ransomware attack.
Kaseya is a software vendor that works closely with managed service providers (MSPs) to provide IT solutions. The software designed by Kaseya is meant to be used by managed service providers and large enterprises to manage and support technology across multiple networks. As reported by ZDNet, at least 40,000 companies worldwide use at least one tool created by Kaseya.
The attack in question leveraged a vulnerability in Kaseya’s VSA service, which is basically a remote monitoring and management tool.
Since Kaseya plays such a key role in connecting IT companies to the businesses that they support, it should come as no surprise that such a ransomware attack could have profound effects on both the MSP service industry and the countless businesses that are supported by them. If your IT provider happened to use this particular software, there is a good chance that you were unlucky enough to become a victim of this attack, especially if other countermeasures weren’t in place.
To give you an idea of how this attack has progressed, let’s take a look at the timeline, as it was reported by ZDNet:
The attack itself is thought to have been administered via an automated malicious software update, bypassing authentication and executing commands remotely. More information on this attack can be found in Kaseya’s briefing on the incident here.
Since this particular issue was caused by a zero-day vulnerability (a previously unknown vulnerability) in a provider’s systems, it is hard to fault anyone in particular for this hack, but it does further reinforce the importance of monitoring your system for irregularities, as this attack was only uncovered as a result of such monitoring. Imagine the damage that could have been caused by this threat if it were to remain undiscovered for an extended period of time. It just goes to show that even businesses that do everything right can still become victims of ransomware attacks.
While there are countermeasures to prevent ransomware attacks and restorative measures to get back in business after being attacked, if these measures weren’t in place for a company that was a victim of the attack, things probably aren’t looking very good.
We can’t stress enough that it is critical to have a solid backup solution in place that is regularly tested and reviewed. It’s also a good idea to have your network hardened and evaluated at least once a year to help it withstand ransomware attacks and other threats. Even if you need a second option, we’re happy to help.
Therefore, you should always take preventative measures to ensure that ransomware is as mitigated as possible. We can help your business keep itself safe from threats of all kinds. To learn more, reach out to us at (503) 278-5011.