On July 3rd, 2021, a cyberattack resulted in the closure of 200 businesses around the world. This attack directly or indirectly affected the businesses involved in the supply chain. The ransomware attack caused the encryption of important files of organizations using IT management software by Kaseya VA. The Russian cybercrime group REvil is found to be behind the attacks. This is the same cybercrime group that recently attacked JBS meat processing company.
About Kesaya VA
Kesaya VA provides corporate IT management solutions and infrastructure throughout the USA and other countries like Australia, Sweden, and many other countries in Europe. The company provides an IT backbone to many large companies and organizations. Kesaya is a huge corporation. To get an idea of its size, it is quoted as the “Coca-Cola” of the remote management” by Wired magazine.
The 3rd July Attack
The 3rd July attack on Kesaya VA caused the encryption of data by hacking up to 40 Managed Service Providers of different companies across the USA, European Union, Australia, and LATAM using Kesaya VA for encryption of data.
The attack is like stealing the master key of the safe deposit boxes. Since Kesaya VSA is a popular managed service provider for many businesses, hacking into the MSP of Kesaya VSA is like hacking not all of its customers.
Revil has hacked into 8 MSPs of Kesaya VSA affecting about 200 businesses. The magnitude of loss is still not known since the businesses went on holiday after the attack on Friday.
History Has It…
The attacks on MSPs are common for hackers to access the victim’s data and files. The attack also provides an efficient way to spy. In 2018, China’s elite APT10 stole hundreds of gigabytes of data from various companies by breaching the MSPs. Revil, the hacker group from Russia which works for clients, has hijacked 22 Texas municipalities in 2019 by hacking a third-party IT company.
The recent growth of attacks on supply chain networks has also become very common. The attack on JBS, the largest meat processing company, on 1st June 2021 caused the blocking of meat processing from Australia to Northern America. REvil is known to be behind this attack too. The Brazilian company, JBS, paid $11 million in ransom.
The cybersecurity company, Huntress Labs has tried to explain the situation and its effect by detailed analyses. According to Huntress, the hack has hit 200 businesses, mostly in the USA.
The attack still results in the closure of 500 Coop supermarkets in Sweden. On Friday, the company shut its 800 stores down after self-service and point-of-sale tills stopped working. The company is not directly affected by the attack but one of the software providers uses Kesaya VSA in their system.
In a statement on Friday, the U.S. Cybersecurity and Infrastructure Security Agency said it was “taking action to understand and address the recent supply-chain ransomware attack” against Kaseya’s VSA product.
The US president Joe Biden, on 16th June in a summit in Geneva stated that Russian President Vladimir Putin has the responsibility to rein such attacks. Biden also provided the Russian President with a list of 16 critical sectors that should be abstained from hacking, including energy to water.
Biden on his visit to Michigan has stated, “We are not sure” who is behind this attack. The US government and cybersecurity agencies presumed it to be the Russian government, but they were still not sure about this.
The increasing dependency on technology has eased our lives in one way but created many other issues. Ransomware and hacking are some of the examples of these issues. Cybersecurity has become a pressing demand not only for larger companies but some small to medium-sized businesses as well. The chances of attacks can be reduced by using updated hardware and software, encrypting the data, backing up of data, and proper assessment of vulnerabilities in the system. These assessments when performed properly reduced the risks of cyber-attacks to many folds. These assessments are performed by cybersecurity companies to save time, money, and confidential information.
Rogue Logics provides in-depth security services for the assessment and protection of your application, data, and infrastructure against potential threats on-prem or in the cloud. Want a consultation with the professionals at Rogue Logics, Contact us and get a free