Kaseya Ransomware Attack by REvil

I have long been considering a post like this. The truth is that we live in a nasty world. Our job as IT experts is to do everything in our power to keep your business safe. 

Many of you will have heard about what is being described as a colossal cyber-attack launched by a Russian hacking group called REvil.

These criminals try to gain access to IT assets in businesses. They try to do two things: first, copy as much data as possible out of the business, then encrypt all company data so the business is paralysed.

They then ask the business to pay a large ransom to get access to the data back, and to stop them publishing your data publicly on the Internet, which could cause a large GDPR fine as well as significant reputational damage.

The attack this weekend involves a company called Kaseya, who provide IT companies like us with tools to support our customers.

Better-IT does not use Kaseya; we use tools provided by a company called Datto, and if you are one of our customers, your systems are perfectly safe.

It appears that REvil found a weakness in Kaseya. The reports as I write this state that at least 8 major IT companies have been affected in the US, with some 200 customers and thousands of computers and servers encrypted with ransomware, including half of the point-of-sale systems in Sweden’s Co-op stores, forcing them to close.

We suspect the damage is far worse, and we might not know the full scale of it until the world is back at work on Monday morning. For now, Kaseya have told all IT companies using their software to shut down their Kaseya servers.

The hackers have even made a public announcement saying 1 million endpoints have been encrypted, and they want a huge ransom of $70 million.

It goes without saying that this is a nightmare for all concerned, not just for those directly affected but for the whole IT industry. As an IT service provider, we are acutely aware that we have a huge responsibility to keep our clients and their data safe, and the tools we use to do that are a key part of that service: keeping anti-virus up to date, installing patches to prevent attacks, monitoring systems to make sure they are behaving. The list goes on. Learning about a direct attack on the tools that our industry uses to do that is very concerning.

Supply chain attacks like this are probably going to become more common, and these sorts of attacks don’t necessarily just have an effect on your own IT systems. For example, if your main supplier is attacked and effectively shut down, what effect does that have on your business? Can you still get the parts or services you need to be able to supply your own customers? All of us need to be aware of this potential risk to our businesses and have disaster recovery plans in place.

Prevention is better than cure, so ask questions of your key suppliers. What are they doing to defend their IT systems? Do they have professional IT support managing and monitoring their systems to ensure attackers can’t find an easy way in? Do they have Cyber Essentials Certification to prove their IT systems are in good shape?

The simple fact is that many businesses in the UK still don’t take IT security seriously. Buying computers and just getting them fixed when they break is simply not enough these days. If you want to stop yourself or your business becoming a victim of cyber-attacks, you must understand that you need proper layered security provided, managed and monitored by a professional IT supplier.

If you are a Better-IT customer, we are IT security experts. If you were on our standard security package, then even if we had been using Kaseya, we are confident that the attack would have been blocked by our layered security stack, which would have immediately set off multiple alarms to alert us and automatically taken remedial action to protect your business.

In summary: 

  1. If you don’t have professional IT support looking after your business then do seriously consider it. I fully appreciate there is some irony to this advice given that this most recent attack has come via IT support providers using Kaseya this time. However, like us, I believe those providers will have ensured monitored backups are in place and they will of course be helping their clients recover their systems promptly. The whole IT support industry will quickly learn from this attack and do whatever is necessary to prevent a repeat. That knowledge will strengthen everything about what we as an industry do to protect our clients.
  2. Check how your key suppliers look after their IT and do your own risk assessment on what effect a breach of their systems could have on you.
  3. Consider getting Cyber Essentials for your own business. It’s an annual health check of your own IT systems and will prove to your customers and suppliers that you take your own IT security seriously. Better-IT can help you with this too. Contact us for more information.