The Kaseya Ransomware Attack: What Happened and What It Means for Your Business
On July 2nd, Kaseya, a major provider of IT management software, reported that it was the victim of a massive ransomware attack. The cybercrime group behind the act, REvil, demanded $70 million in bitcoin as ransom for a decrypt tool that would unlock all affected businesses’ systems and give them their data back. The Kaseya ransomware attack quickly became one of the most talked-about cybersecurity events of the year.
Since the cyberattack happened right before the Fourth of July holiday weekend, it’s presumed that the timing was deliberate, giving the trojan time to infect as many systems as possible while IT teams were short-staffed.
While the attack only affected 0.1% of Kaseya’s customers, many of those businesses are MSPs. The loss of data, then, affects not just the managed service provider (MSP) but each of the small-to-medium-sized businesses that the MSPs work with to maintain cybersecurity.
How the Kaseya Ransomware Attack Occurred
The FBI described the incident as a “supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software.” Simply put, a supply-chain attack is when malicious code is placed in trusted software, allowing trojans or backdoors to affect recipients of that infected software.
This specific attack targeted Kaseya’s virtual systems/server administrator (VSA) software and exploited several vulnerabilities in it, inserting ransomware into the system through a fake management agent update. That single point of entry is what made the Kaseya ransomware attack so far-reaching.
The Scope and Fallout of the Kaseya Ransomware Attack
In a July 6th press release, Kaseya stated that “while impacting approximately 50 of Kaseya’s customers, this attack was never a threat nor had any impact to critical infrastructure.”
Yet the Kaseya ransomware attack has been called “the biggest non-nation state supply chain attack ever, and possibly the second biggest ransomware attack ever.” The full scope of those affected by the ransomware attack is not fully known, since many of the impacted businesses were clients of Kaseya’s customers.
Businesses affected by the breach included many SMBs across multiple industries, hundreds of supermarkets in Sweden, and about a dozen schools and kindergartens in New Zealand. The security firm ESET reports the most impacted countries were the United Kingdom, South Africa, Canada, Germany, the United States, and Colombia.
What the Kaseya Ransomware Attack Means for SMBs
The volume of cyberattacks continues to rise, and cybercriminals have become more sophisticated and organized. Recent ransomware attacks have demanded—and received—millions of dollars. Large corporations like meat processor JBS paid $11 million, and Colonial Pipeline paid a $4.4 million ransom.
Because many small businesses cannot afford their own IT departments, they are especially vulnerable. Ransomware can be crippling for a business—shutting down computers, potentially wiping out all of their files remotely, and delivering devastating financial consequences. The Kaseya ransomware attack proved that even companies that never dealt with Kaseya directly can be caught in the blast radius.
Quality Cybersecurity Services Can Protect Businesses
With the Kaseya ransomware attack displaying yet again how vulnerable systems can be manipulated, it’s more important than ever that small businesses acquire strong cybersecurity services from a secure and trusted MSP.
Partnering with a quality, experienced MSP to administer and maintain cybersecurity services can help protect your business from ransomware and other attacks. An MSP can implement the proper security tools and provide training to stay ahead of—and recover from—incidents. MSPs offer a variety of services that provide the protection your business needs:
- MSPs ensure businesses follow proper backup solutions and schedules.
- MSPs can perform penetration tests to check for vulnerabilities or unpatched software.
- An MSP can send mock phishing or suspicious emails to test whether employees click links or download attachments, helping train staff on safe cyber practices.
MSPs like ThrottleNet help small businesses get the protection they need from these dangerous and costly ransomware attacks. In the event an attack is unavoidable, the right MSP will be able to help recover your data.
Get a free cybersecurity evaluation today to start improving your business’s security and protecting your data.
