Who Are Kaseya?

Kaseya is a provider of cloud-based IT and Security management solutions for MSP’s and small to medium sized businesses globally.

Solutions include:

  • VSA – a tool used for remote monitoring and management, network monitoring solution and endpoint management.
  • Enabling MSP’s and IT admins the opportunity and ability to monitor situations and prioritise challenges faced by system administrators when maintaining networks

The KASEYA Ransomware Attack
The Dutch Institute for Vulnerability Disclosure (DIVD) were first to notice a system vulnerability and worked together with Kaseya to create patch for it.

On the 2nd July the Russian hacker group REvil took these vulnerabilities as an opportunity to exploit Kaseya before Kaseya and DIVD were able to put a solution in place, resulting in a complicated cyber-attack – the biggest one record

What did they do?

  • The incident response team were able to effectively implement actions to help prevent any further damage.
  • Kaseya seemed to only have their VSA products compromised by the supply chain attack.
  • As a precaution the company put a temporary pause on SaaS services to ensure that they were safe from any potential attacks.

In the report published by Kaseya they mentioned that only a handful of businesses were affected by the attack, however other sources are saying otherwise. Swedish grocery chain Coop were one of the many businesses who were affected by the cyber-attack, as well as international companies in the financial services sector, travel and leisure sector, public sector etc who were also amongst those affected.

Who are REvil?

REvil is a Russian based cyber-criminal gang who revealed that they were behind the attack, claiming to have compromised almost 1 million devices and demanding $70 million (BTC) in Bitcoin to decrypt the devices.

This is not the first time REvil has been involved or linked to cyberattacks on large organisations.

  • June 2021, a similar attack happened putting JBS in a vulnerable position.
  • JBS are the largest meat processing company, leaving them out production for a few days.
  • JBS paid the fee of almost $11 million to avoid any future attacks even though some of their operations had returned to normal whilst the payment was being made.
  • JBS are still recovering from the attack, highlighting, regardless of how large a company is or how much money you have there are still detrimental impact when you are a target of a cyber-attack.

How Can You Protect Your Business?

  • Establish effective control and oversight of your supply chain.
  • Understand the risks, establish control, check arrangements, apply continuous improvements
  • Mitigate against the threat of malware and ransomware attacks with regular backups, take a preventative approach and be prepared for an incident

Talk to your Technical Experts

  • How would you know an incident has occurred?
  • What measures are taken to minimise the damage an attacker could do inside your network?
  • What is your incident management plan for cyber incidents and how can you ensure it is effective?
  • Does your incident management plan meet the particular challenges of ransomware attacks?

If you want some guidance in this area, please get in touch with the Clear Thinking Specialists.

Further guidance resources:

NCSC statement on Kaseya incident – NCSC.GOV.UK
Business Cyber Security – Clear Thinking Solutions