What you need to know about the massive global ransomware cyber-attack over the weekend

4 Jul 2021 | News, Security

The Risk Is Real.

Over the weekend, thousands of businesses were caught up in a global cyber-attack that is being blamed on a Russian hacker group called REvil. It is disappointing when geo-politics impacts everyday business, and the reports talk about President Biden ordering a probe. Let us hope that any probe can restrict and reduce ransomware in general.

This attack was delivered through Kaseya VSA, a piece of IT support software used widely around the world, including by a number of NZ IT support businesses. The irony is that this tool is used specifically to manage software patches for organisations to help keep them safe from hackers.

 

Kinetics does NOT use Kaseya. Neither we nor any of our clients were impacted.

Kaseya is an excellent support product, and is very similar to the tool we use. A number of friendly competitors do use it, and they have been working through guidance from the supplier today. We have offered assistance to them.

Some of the businesses you interact with may be impacted.

So far there are reports of over 1,000 businesses around the world being impacted, and ransoms of between US$64,000 and US$5M being demanded.

Is your software supply chain safe?

It is clever to attack common software used by many businesses.  There are all sorts of shared software like this in use, from antivirus to desktop support utilities, and from remote control tools to more sophisticated platforms like Kaseya.  There are common login tools, EDI, conferencing software, reporting and so on, all vital to ensure organisations can be more productive together.

At Kinetics we have been aware of the possibilities of these types of supply chain attacks. We have highlighted them in our security webinars and news posts. We have been vigilant with our software tools and ensured all supplier guideline recommendations are complied with, as part of a layered security web. In the case of the Kaseya attack, it looks like an auto-update feature was exploited. This has reinforced our procedure, which is more proactive and cautious.

There will be lots of lessons coming over the next few days and we can all learn from them.

We’ve been warning about the massively increased cyber-risk environment for some time, and it just got even worse. The risk is real.  Every business is a target and at risk.  One lesson we can call out is the need for DR planning, and being aware of the support tools from all suppliers that are in use on your platform.  Every organisation needs practices to reduce risk, and manage both intrusion protection and recovery.

We will set up a webinar in a couple of weeks to review this in more depth so we can share our learnings.

 

Refer:

Global ransomware attack on software supplier Kaseya before US Fourth of July holiday leaves companies scrambling – NZ Herald

Worldwide ransomware attack: St Peter’s College and 10 other schools hit by US cyber attack – NZ Herald

Kaseya VSA ransomware attack: Biden orders probe | RNZ News

REvil ransomware hits 1,000+ companies in MSP supply-chain attack (bleepingcomputer.com)