Ransomware Attack On Kaseya Systems


If you follow the tech community as we do, you may have seen the news about the REvil ransomware attack on Kaseya’s systems. If this is new to you, prepare yourself for what you are about to read: it is another ransomware attack, and we believe it is the worst one this year.

Sophos director Mark Loman brought this attack up on Twitter on Friday, July 3, 2021. He reported that the affected systems would have to pay close to $50,000 to be unlocked. You can read the full notice that Kaseya has put out on their website, which tells people that “Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to our teams’ fast response, we believe that this has been localized to a very small number of on-premises customers only.” They have gone as far as shutting down their systems to help prevent the possible spread of this ransomware, and they advise customers to shut off administrative access to the VSA.

Following this attack, they have also added a message telling all customers to ignore any emails or other lines of communication from Kaseya, because these could be an attack vector for this ransomware.

Bleeping Computer has also reported on this event, saying that the attack has targeted six large MSPs and has encrypted data for as many as 200 companies.

In another article, published on DoublePulsar, Kevin Beaumont has posted more details about how the attack seems to have worked. The REvil ransomware arrived via a Kaseya update and used the platform’s administrative privileges to infect systems. Once Managed Service Providers (MSPs) are infected, their systems can attack the clients they provide remote IT services for (network management, system updates, and backups, among other things).

Around 10 AM EDT, William Turton wrote in Bloomberg that this attack affected more than 1,000 businesses in a ripple effect. The attack focused on Managed Service Providers, and the businesses relying on their IT services include more than 800 Coop grocery stores that could not open on Saturday because of it. This single attack has now affected more than 17 countries, including the U.K., South Africa, Canada, Argentina, Mexico, and Spain, according to Aryeh Goretsky, a distinguished researcher at the cybersecurity firm ESET.

This attack has been linked to the REvil ransomware gang, which has also been linked to the attacks on Acer and meat supplier JBS earlier this year. For the record, according to numerous reports, this may be the third time that this has happened to the Kaseya software.
