The Kaseya Cyber Attack Of July 2021

Cyber Security | July 9, 2021

Kaseya Limited is a U.S. software company based in Miami, Florida. The company was founded in 2001 and boasts offices around the world. However, its international headquarters are in Dublin, Ireland. Since Kaseya was founded, it has acquired over a dozen companies, and the company claims that at least 40,000 organizations use one piece of Kaseya software.

Kaseya Limited is owned by Insight Partners, a New York-based venture capital firm. The company markets “unified IT management software” that can help businesses improve both efficiency and security. The software is then sold and outsourced to businesses all over the world.

 

About The Kaseya Hack

Kaseya was the victim of a supply chain attack on July 2, 2021. The ransomware attack affected a range of organizations, including schools and kindergartens in New Zealand; the schools' systems were affected for weeks. It also affected Visma, a Norwegian-based computer software company that manages systems for Coop, a well-known supermarket chain in Sweden.

The hackers targeted Kaseya’s VSA, or virtual systems/administrator. Cybersecurity experts immediately estimated that around 1000 businesses were affected. The hackers immediately made it clear that they were “ready to negotiate” concerning a resolution.

Kaseya’s CEO, Fred Voccola, would not comment on whether the company would pay a ransom to the hackers. Various employees had brought up cybersecurity concerns with respect to Kaseya, but they were not addressed. There were weak passwords associated with Kaseya’s products and servers, and there were reportedly major issues with basic Kaseya cybersecurity practices.

A Kaseya VSA security flaw was previously exploited for a cryptocurrency scheme in 2014, and again in a separate 2018 “cryptojacking” operation. In a cryptojacking operation, afflicted computers are used to mine cryptocurrency, often without victims noticing.

The Kaseya hack is also part of a growing trend of hackers taking advantage of remote management tools. More organizations require tools that allow them to manage large networks, but this also means that hackers can do more damage if they are able to exploit a particular product or vulnerability.

 

About REvil

One of the major differences between the Kaseya ransomware attack and many other cybersecurity breaches is that the Kaseya hack was actually “claimed.” Specifically, a group named REvil claimed the attack and stated that the cybersecurity breach affected over 1 million organizations. REvil is a Russian-based (or Russian-speaking) “ransomware as a service” operation.

REvil is one of the most high-profile cybercriminal organizations in the world. The group is known for going after some of the most powerful corporations globally, including Apple and Acer. It recently targeted JBS, the world’s largest meat processor. JBS Foods is a global provider of meat, chicken, and pork, and employs over 230,000 people. JBS agreed to pay $11 million to the group even after it resumed operations.

The Kaseya attack is considered to be one of the biggest cybersecurity hacks ever carried out by the hacker group. REvil initially claimed that the attack had affected 40,000 computers but later claimed that it had affected 1 million. Many of the victims of the Kaseya cybersecurity breach were small and medium-sized businesses. REvil demanded $70 million in cryptocurrency for a public universal decryptor tool.

 

The Kaseya Response

Kaseya notified customers of the attack almost immediately. Voccola advised customers to shut down their VSA servers immediately, and customers were notified by email, phone, and online notices. The company knew about the bugs that the hackers exploited and was actively working to fix them when it was attacked. The attack was purposely timed to affect as many businesses as possible during Independence Day Weekend.

Coop, a Swedish supermarket chain, was forced to close 800 stores due to the Kaseya cyber attack. Joe Biden, the United States President, called Vladimir Putin, the Russian President, as a result of the Kaseya cybersecurity breach. Biden has focused on cybersecurity more than other past presidents.

Nineteen days after the Kaseya cyberattack, the organization obtained a “universal decryptor” from a third party. The organization originally would neither confirm nor deny whether a ransom was paid to the Russian hacker group, but it later denied that any ransom was paid whatsoever.

The REvil group ended up vanishing from the dark web after the cyber attack, according to analysts. There are various theories about whether the group disappeared because it had gotten too much attention from law enforcement or whether Biden or Putin had something to do with the online presence of REvil shutting down. Other experts expect that the group will rebrand and emerge under a different name.

About Malimar

Malimar Technology Group boasts a group of expert IT professionals and cybersecurity experts to help protect your business from cyberattacks such as the one mentioned above. The Kaseya hack was possible because Kaseya refused to take cybersecurity seriously, and that was a grave mistake in the modern world.

We can help guide your organization in preventing cyberattacks in the future and offer seamless remote support to our clients for their IT needs. Malimar Technology Group is one of the top cybersecurity companies in the San Diego area, and offers services such as server/PC management, strategic IT planning, and server backup solutions.
