Cyber Security Bulletin:  Kaseya Attack Recommendations

The Kaseya attack was a zero-day exploit that took down the servers used to provide VSA SaaS (Virtual System/Server Administrator Software as a Service). The VSA SaaS software then infected and locked down the computers running it. The attack compromised over 1500 companies and is now being called one of the worst cyberattacks to date. The hacking collective responsible is REvil (Ransomware Evil), one of the top ransomware groups, based out of former Russian Federation countries. These are the same hackers responsible for the ransomware attack earlier this year on JBS, the world’s largest meat processor, which forced the company to pay REvil $11 million. How the group gained knowledge of the zero-day vulnerability in Kaseya’s VSA servers is not yet known and remains under investigation.

At this time the Global Resilience Federation, a nonprofit provider and hub for cyber, supply chain, physical and geopolitical threat intelligence exchange between information sharing and analysis centers, has recommended the following actions to prevent events like this in the future:

  • Provide user awareness training
  • Block unknown software installations
  • Do not open unknown attachments
  • Enforce multifactor authentication for all users
  • Use an air-gapped backup system
  • Keep all antimalware databases up to date

Why are Western countries the countries hardest hit by ransomware? The hackers know Western companies carry insurance policies that cover ransom demands. On top of that, American companies are often willing to pay large ransoms in order to regain control of their systems and data. Most ransomware groups are based in countries that do not allow US interference with them, making it extremely difficult to hold any of the cyber criminals accountable. The rise in cryptocurrency’s popularity also makes transactions very difficult to trace. This leaves reliable, secure backups and investment in IT systems and cybersecurity as the only ways to stop these attacks from being profitable for the hacking collectives.

If you have any questions regarding the Kaseya attack, ransomware, the NERC CIP Standards, the NIST Cyber Security Standards, or general utility cyber security, please contact the GDS Cyber Security Team:

Bill Bateman: Bill.Bateman@gdsassociates.com
James Fenstermaker: James.Fenstermaker@gdsassociates.com
Dex Underwood: Dex.Underwood@gdsassociates.com