On July 2, 2021, at around 1pm EDT, the REvil ransomware collaborative launched a ransomware attack through the Kaseya VSA tool. Kaseya makes a popular Remote Management and Monitoring tool that is used by over 36,000 customers. Throughout the holiday weekend, MSP security vendor Huntress Labs provided ongoing updates on the Kaseya supply chain attack, which looks to have impacted nearly 60 MSPs and over 1,00,000 endpoints, making this the largest ransomware attack in history.
This attack is different from the attack in December against the SolarWinds Orion tool. In the SolarWinds attack, the purpose of the adversary was to embed in systems and maintain persistence in large enterprises and government clients. In this new Kaseya attack, we can see the impact of a financially motivated adversary launching a ransomware attack at the beginning of a holiday weekend in the United States. As of this writing, the price of the unlock key for this attack is reported to be $70,000,000, although the adversaries are willing to negotiate a better price according to some reports.
Kaseya responded by shutting down their SaaS platform and recommending that all customers shut down their on-premises infrastructure. As of July 6, 2021, Kaseya has released a detection tool for their VSA product and is mapping out a plan to resume their SaaS platform and then work with individual MSPs to patch and update their on-premises systems.
Wired reported that the Kaseya ransomware nightmare is almost over with the introduction of decryption tools and the disappearance of the hacker group online.
This was a highly sophisticated attack and a good reminder that a multilayered cyber-defense strategy is imperative. Community IT Innovators can help your nonprofit prepare for and prevent cyber attacks. Some basics:
- Ensure that all data is backed up in off-site systems (your MSP or IT Director should be able to confirm this is current practice and up to date)
- Maintain a current Incident Response Plan
- Deploy advanced Endpoint Detection and Response (EDR) software depending on risk. To learn more, review the free download Nonprofit Cybersecurity Readiness for Nonprofits Playbook from Community IT.
Community IT does not use Kaseya products, and our clients are not impacted by this specific Kaseya supply chain attack. We know that MSPs are targeted because of the broad access that we have into client networks, and we take a proactive approach to the security of our tools and processes.
Ready for IT support you can depend on?
Community IT Innovators is not a security-only firm, but we deploy security measures for our clients and have developed cybersecurity expertise in understanding the threats nonprofits face. Our free resources here help our nonprofit IT community better protect ourselves. You can see several recent security webinars and other security resources here.
If you’re looking for more guidance – or to reduce the likelihood of cyber incidents in the first place – get in touch with us and schedule a cybersecurity assessment.
At Community IT Innovators, we’ve found that many nonprofit organizations deal with more cybersecurity risks than they should have to, often after settling for IT support options that don’t factor in risks and ROI on preventing ransomware and other malicious hacks.
As a result, cyber damages are all too common.
We can help. Our techs are nonprofit cybersecurity experts. We constantly research and evaluate new technology solutions to ensure that you get cutting-edge solutions that are tailored to keep your organization secure. And we ensure you get the highest value possible by bringing 25 years of expertise in exclusively serving nonprofits to bear in your environment.
Whether you need help reviewing your cyberinsurance options or assistance in reducing the likelihood of an attack – if you’re ready to gain peace of mind about your cybersecurity, let’s talk.