On Friday, July 2, 2021, Kaseya VSA was hit with the largest and most advanced ransomware attack ever recorded.

Kaseya VSA is an all-in-one solution for IT management, network security, and remote monitoring through the cloud. The 2021 Independence Day weekend ransomware attack impacted around 60 managed service providers (MSPs) and approximately 1,500 of their end-users. The REvil ransomware-as-a-service group demanded 70 billion in bitcoin from Kaseya to release the decryptor key, although the company never paid the ransom.

Kaseya alerted federal cybercrime authorities and warned customers to shut down their VSA servers, but many companies were too late, with their entire IT networks disabled. This attack forced many organizations to shut down business operations until Kaseya could create a security patch.

Cybercriminals are becoming more sophisticated, so it is essential to learn from their tactics. As the old saying states, “Those who do not learn history are doomed to repeat it.” We have created an analysis of how the Kaseya data breach happened so you can better understand the changing landscape of hacking and cybersecurity.


Analyzing the Kaseya Cyberattack

Cybersecurity experts have called the Kaseya ransomware attack surprisingly complex. It is important to understand how the Kaseya attack occurred:

  • Zero-day vulnerability: The Dutch Institute for Vulnerability Disclosure (DIVD) warned Kaseya of seven security vulnerabilities in their software, including the CVE-2021-30116 that REvil exploited. Unfortunately, Kaseya was still creating a series of patches when REvil attacked.
  • Simultaneous attack: Experts believe REvil exploited Kaseya’s software to attack multiple MSPs at once, impacting each MSP’s end-users. This supply chain attack focused on reaching the MSPs’ endpoints, with downloads disguised as official Kaseya updates.
  • International victims: The Kaseya attack impacted around 1,500 customers and 60 MSPs across the globe, affecting countries like the United Kingdom, South Africa, Canada, Indonesia, New Zealand, and Kenya. Both small and midsize companies felt the impact, with Coop supermarkets in Sweden forced to close hundreds of locations.

 

You Don’t Have to Do It Alone

Not sure how to guard your company’s future against attacks like REvil’s? Partner with a team that understands how cybercriminals tick so you can have peace of mind. We can help you shore up your defenses, prepare for the unexpected, and plan what to do if an attack strikes.


Interested in connecting with us? We’d love to help. Speak with a team member at 877.780.2446, or visit our contact form to shoot us a message.
