On July 2nd, Kaseya, a major provider of IT management software, reported that they were the victim of a massive ransomware attack. The cybercrime group behind the act, REvil, demanded $70 million in bitcoin as ransom for a decrypt tool that would unlock all affected businesses’ systems, giving them their data back.
Since the cyberattack happened right before the Fourth of July holiday weekend, it’s presumed that the attack was scheduled so that the trojan had time to infect as many systems as they could.
While the attack only affected 0.1% of Kaseya’s customers, many of the businesses served are MSPs. The loss of data, then, affects not just the managed service provider (MSP) but each of the small-to-medium-sized businesses that the MSPs work with to maintain cybersecurity.
How the Attack Occurred
The FBI described the attack as a “supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software.” Simply, a supply-chain attack is when malicious code is placed in trusted software. Then, trojans or backdoors can affect recipients of the infected software.
This specific attack targeted Kaseya’s virtual systems/server administrator (VSA) software and exploited several vulnerabilities in it, inserting ransomware into the system through a fake management agent update.
The Scope and Fallout of the Attack
In a July 6th press release, Kaseya stated that “while impacting approximately 50 of Kaseya’s customers, this attack was never a threat nor had any impact to critical infrastructure.”
Yet the Kaseya ransomware attack has been called “the biggest non-nation state supply chain attack ever, and possibly the second biggest ransomware attack ever.” The full scope of those affected by the ransomware attack is not known, since many of the businesses affected were clients of Kaseya’s customers.
Businesses affected by the breach included many SMBs across multiple industries, hundreds of supermarkets in Sweden, about a dozen schools and kindergartens in New Zealand. The security firm ESET reports the most impacted countries were the United Kingdom, South Africa, Canada, Germany, the United States, and Colombia.
What This Means for SMBs
The volume of cyberattacks continues to rise, and cybercriminals have become more sophisticated and organized. Recent ransomware attacks demanded—and received—millions of dollars. Large corporations like meat processor JBL paid $11 million, and Colonial Pipeline paid a $4.4 million ransomware payment.
Because many small businesses cannot afford their own IT departments, they are especially vulnerable. Ransomware attacks can be crippling for a business, shutting down computers, potentially wiping out all of their files remotely, and being on the receiving end of the devastating financial effects these attacks bring.
Quality Cybersecurity Services Can Protect Businesses
With the Kaseya attack displaying yet again how vulnerable systems can be manipulated, it’s more important than ever that small businesses acquire strong cybersecurity services from a secure and trusted MSP.
Partnering with a quality, experienced MSP to administer and maintain cybersecurity services can help protect your business from ransomware and other cybersecurity attacks. An MSP can implement the proper security tools and provide training to stay ahead of and recover from ransomware attacks.
MSPs offer a variety of services that will provide you with the protection your business needs.
- MSPs ensure businesses follow proper backup solutions and schedules.
- MSPs can perform penetration tests to check for vulnerabilities or unpatched software.
- An MSP can send mock phishing or suspicious emails to test if employees click on links or download attachments, helping train the organization’s employees on safe cyber practices.
MSPs like ThrottleNet help small businesses get the protection they need from these dangerous and costly ransomware attacks. In the case an attack is unavoidable, the right MSP will be able to help recover your data.
Get a free cybersecurity evaluation today to get started on improving your business’s security and protecting your business’s data.