Ransomware Attack Affects Over 800 Businesses Worldwide
Kaseya, a Miami-based IT management company faced a brutal ransomware attack last week, affecting the company and hundreds of its clients.
The attack broke down security to Kaseya's systems and used their access to spread through their clients' corporate networks. This set off multiple chain reactions that paralysed between 800 and 1,500 businesses worldwide.
Those affected by the file encrypting malware included a grocery store chain, schools, credit unions, accountants and leisure organisations.
What happened?
The ransomware attack targeted Kaseya's VSA software. A software specifically developed and sold to managed IT service providers who use it to remotely manage their customers' IT networks and devices.
Reports state that the hackers gained entry to the system using zero-day vulnerabilities that Kaseya was recently notified of, and were in the process of fixing.
Who is behind the attack?
Claiming to be behind the attack are Russian linked REvil, one of the most profitable cyber-criminal gangs in the world.
The group has previously been blamed for the FBI hack in May of this year and the attack on JBS, the world's largest meat supplier.
Since the ransomware attack, the hackers have claimed to have compromised over 1 million computers and are demanding $70 million in exchange for restoring the affected businesses' data.
Ransomware attacks have become an increasingly common occurrence worldwide. In recent months, we saw the HSE become compromised by an attack and a gas pipeline in the US shut down by hackers.
Should you ever be on the unfortunate end of a cyber attack, our in-depth knowledge and Incident Response service will have your organisation ransomware free and up and running in no time.
How can Secora Consulting help?
By partnering with us, we offer you complete 360-degree approach to Incident Response by using our expertise to:
- Prepare: Effective planning and preparation is key to quickly recovering from incidents and breaches.
- Detection and Reporting: Identifying, investigating and reporting incidents both internally and externally is pivotal to respond to an incident.
- Analyse: Analysing and identifying the extent and depth of an incident and the impact of any data compromised facilitates the development for remediation and eradication.
- Remediation: By containing the incident, the extent of the breach is limited, stopping any potential future issues or exploitation. Once contained the remediation plan developed can be implemented to recover to business as usual.
- Post Incident: Reviewing the incident and creating a Cyber Incident Report will allow you to improve on, or create processes to facilitate incident response through lessons learnt and understanding the implications of the breach. The report can also confirm the feasibility and allow for implementation of any missing security controls.
If you have any questions on our Incident Response service or how to reduce your exposure to a cyber attack, get in touch!
Further reading:
Our services
All of Secora Consulting's assessments are tailored to our client's needs.
Using our experience, we can help you determine which services are right for you.