On July 2, 2021, one of the biggest cyberattacks to date took place in the US. The Kaseya ransomware attack posed a serious threat to cybersecurity measures across the globe, affecting over 50 MSPs and setting off a chain of events affecting over 1,500 businesses worldwide

A hacking group known as REvil launched a supply-chain ransomware attack on Kaseya, an IT solutions developer for MSPs worldwide. This event has triggered an increased need for IT security services. 

About Kaseya 

Headquartered in Miami, Florida, the company supplies IT solutions to SMBs and MSPs worldwide. Kaseya VSA is a tool that provides remote monitoring and handling for networks and endpoints. The Kaseya VSA can be availed as a SaaS service or on an on-site server and was the primary target for the supply-chain ransomware attack. 

The Culprit: REvil 

REvil is a hacker organization believed to be Russia-based. The group also goes by the name Sodinokibi. REvil made one of its high-profile cyberattacks in April 2021 through ransomware directed at Quanta, a Taiwanese company that supplies Apple with data center gear. News reports state that REvil has conducted 15 cyberattacks weekly over two months. 

As of July 13, 2021, REvil’s blog and payment websites were no longer accessible, sparking speculation that the group had been taken down. However, details of this information remain unclear. So, companies still have to be on the lookout to enforce better cybersecurity services and measures. 

The Attack and Fallout 

On July 2, 2021, REvil infiltrated Kaseya’s VSA software. The attack affected businesses on all scales, including hospitals, groceries, processing plants, and organizations.

  • July 2, 2021 – Kaseya identifies a potential security threat and shuts down its VSA servers. Authorities, including the FBI, have been notified of the threat. 
  • July 4, 2021- FBI and CISA issue a joint guidance memorandum to help those MSPs affected by the attack. 
  • July 22, 2021 – Kaseya acquires universal decryption tool, denying speculations on ransom payment 
  • Sep 22, 2021- Reports surface stating that the FBI had access to the decryption key three weeks prior to its release. 

FBI: Withholding the Decryption Key

According to multiple reports published, it has been reported that the FBI already had access to the decryption tool three weeks before the release. This decision to withhold the decryption key came at a hefty price. If the FBI had released the key sooner, the companies involved would not have suffered millions in losses. 

Did the End Justify the Means? 

When asked about their decision to delay sharing the decryption key, the FBI said that it acted with the intention of further infiltrating the REvil systems. The FBI thought that sharing the decryption key early on would tip off the REvil group about their inside access to its servers. 

In a report published by the Washington Post, the FBI was quoted as saying: “The harm was not as severe as initially feared.” However, the FBI’s plan to infiltrate the REvil servers remains a mystery to this day as the group disappeared from the web before the authorities were able to carry out a counter-attack. 

The Aftermath 

The US House Committee on Oversight and Reform has demanded a briefing with the FBI to explain their actions. Just last September, FBI Director Christopher Wray gave his testimony in Congress.  He placed the blame on other government agencies that urged them not to share the keys. 

Sean Nikkel, a senior threat analyst at Digital Shadows, says that the FBI may have considered the need to shut down REvil’s operations as greater than saving a small group of companies. 

With the FBI’s decision to put the government’s operational goals first instead of protecting the general public, companies are more inclined to be responsible for their own digital security.  

The Value of Self-Defense

Taking the cue from recent cyberattacks, companies have to strengthen their cybersecurity measures. Cybersecurity is a company’s responsibility that cannot be passed on to government agencies. Through managed IT security services, your company can get real-time and updated malware protection without the hassle of managing an on-site IT team. 

Get a free cybersecurity evaluation today to get started on improving your business’s security.