July 7, 2021

Kaseya hack continued 7 July 2021

Kaseya supply chain ransomware attack recap

Kaseya is a Miami, Florida-based Managed Service Provider (MSP). They offer a cloud-based platform that allows customers to manage patches and monitor their clients. According to Kaseya’s website, the company provides its customers “with best-in-breed technologies that allow them to efficiently manage, secure and backup IT under a single pane of glass.”

On Friday, July 2, Kaseya suffered a ransomware attack that was initiated by criminals who exploited vulnerabilities within Kaseya’s IT management product. The breach allowed the hackers to access Kaseya’s clients and thereby engage in further ransomware attacks.

Our full explanation of the Kaseya attack.

What do we know about the Kaseya hack now?

The attack on Kaseya is being referred to as the “largest ransomware attack on record,” due both to the scale of the damage done and to the $70 million ransom being demanded by REvil, the group responsible for the breach.

On Tuesday, Kaseya said that around 50 of its customers had been directly affected by the hack. However, the company also said that as many as 1,500 downstream companies all over the world have felt the fallout of the attack through firms that manage IT infrastructure remotely for multiple customers using Kaseya.

Independent cybersecurity researchers contend, however, that more than 2,000 companies have been roped into the attack, with the number expected to grow as the ramifications of the attack continue to be reported.

Currently, Kaseya continues to acknowledge the ongoing reach of the attack while also downplaying the possibility of any crucial, nationally important agencies or services being affected.

“We’re not looking at massive critical infrastructure,” said Kaseya’s chief executive Fred Voccola. “That’s not our business. We’re not running AT&T’s network or Verizon’s 911 system. Nothing like that.”

What makes the Kaseya hack so dangerous?

The attack on Kaseya has far-reaching, unique implications and has left cybersecurity experts and authorities scrambling.

According to Doug Schmidt, professor of computer science at Vanderbilt University, in this case the hackers targeted the very systems that are generally used to keep customer data safe from bad actors.

“This is very scary for a lot of reasons. It’s a totally different type of attack than what we have seen before,” said Schmidt. “If you can attack someone through a trusted channel, it’s incredibly pervasive. It’s going to ricochet way beyond the wildest dreams of the perpetrator.”

Who has been affected so far?

The hack has disrupted operations for a broad spectrum of companies and services, meaning the results of the attack are already difficult to sum up. Authorities are bracing themselves for a challenging recovery due to the sheer number and diversity of victims.

Victims range from schools in New Zealand to a Swedish grocery chain that was forced to close its doors after its cash register system was knocked offline. Much like the recent high-profile hacks of SolarWinds and Accellion, it’s reasonable to assume that the fallout from the hack of Kaseya will continue to be assessed as the year unfolds.

The U.S. government’s response

REvil, the group responsible for the attack, has only been bolstered by DarkSide’s recent takedown by authorities after their hack of Colonial Pipeline. REvil has a strong anti-U.S. sentiment and has said online that they will not be deterred by American efforts to curb ransomware attackers. Some researchers feel that this attack may have been carried out not so much for profit, but as a display of rebellion and strength by REvil.

The attack took place on the Friday before the July 4th weekend and mere weeks after President Joe Biden’s meeting with Russian President Vladimir Putin in which the U.S. President affirmed that he drew a hard line with regard to Russia’s involvement in cybercrime against America. Russia has thus far denied any direct involvement in the attack, although REvil is believed to have its origins in Russia, and has a history of not carrying out attacks against Russian companies or agencies.

“As the president made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors in Russia, we will take action or reserve the right,” said White House Press Secretary Jen Psaki.

The FBI has stated that it will likely not be able to address each individual attack, as the agency is preparing for an overwhelming influx of work related to the event.

News regarding this attack and the response by U.S. authorities continues to develop.

Derek Walborn
Derek Walborn is a freelance research-based technical writer. He has worked as a content QA analyst for AT&T and Pernod Ricard.
