Kaseya Ransomware Hack Sets off Holiday Fireworks
It took a perfect storm of cleverly written software, one weak link and a holiday weekend in the United States to launch the world’s largest ransomware attack to date. As this was written, some 1,500 businesses were being held up for a total of $70 million.
If you’re one of our clients, you won’t have a problem with an automated response to an IT system from a third party because we don’t use those kinds of products or services. And the Kaseya attack is precisely why. Here’s a quick, not-too-technical explanation of what happened.
Kaseya has a product, VSA Network Monitoring, which detects problems in networks and responds to them automatically. A lot of its customers are managed service providers (MSPs) — effectively outsourced IT departments — that use the software to manage the networks of their customers, often smaller companies. Automation allows them to manage volumes of customers with little or no human interaction. When a problem occurs, the system issues an alert – with a job ticket for traceability – and then fixes the problem with a notification it was all done. It all happens in the blink of an eye, and when it’s successful, the system hums merrily along.
However, on Friday, July 2, when everyone in the United States was beginning their long-weekend celebration of Independence Day, hackers associated with the Russia-linked REvil ransomware-as-a-service group are believed to have used a never-before-seen security vulnerability in the software’s update mechanism to push ransomware to Kaseya’s customers. Many of them may not have known that their networks were monitored by Kaseya’s software.
Kaseya claims to have some 40,000 users, so the 1,500 victims are less than 5 percent of the base. But if you’re a victim, that’s no consolation. The hackers were asking for $45,000 from each victim or offering a “bulk discount” to $70 million as a single payment to unlock affected systems. Some bargain!
Again, why won’t it happen to our clients? We don’t use outside services for precisely what happened with Kaseya. Problems with automated systems happen too quickly. Even though Kaseya detected a problem and shut down systems, 1,500 were still infected.
We monitor our clients’ systems, and we have software that both provides us with alarms and allows us to gain access to fix problems. We also know each of our clients and system characteristics personally and have a specific plan for each emergency. And instead of relying on someone’s computers to talk to your computers, we talk to you.
We are more than happy to review our emergency response plan for your IT system and make any adjustments that will make you feel more secure. At the same time, if you know anyone who’s nervous about their IT, have them contact us. We can be reached by phone – 973-433-6676 – or email.