Earlier this year we saw two companies, JBS (a global meat processing company) and UnitingCare (a healthcare agency), crippled by the hacker group REvil. The impact of the attack was immense: services were shut down, and staff were either let go or stood down temporarily while the companies raced to get things back in order. According to sources, JBS negotiated an $11 million ransom payment to get their decryptor key.
This month, REvil are back at it again.
Coinciding with the US 4th of July celebrations, the cybercriminals infiltrated Kaseya's systems and consequently infected around 1,500 other companies, according to the Washington Post.
Kaseya is a software vendor whose products help Managed Service Providers deliver monitoring and many other services. Because of this, the ransomware was able to exploit a vulnerability in Kaseya's code and spread to clients in as many as 17 countries through its managed network system. Many Coop stores in Sweden were shut down as the attack rendered their cash points useless. Nine schools in New Zealand were also affected.
The FBI is urging anyone who was a victim of the attack to come forward, although it may not be able to help directly. President Biden has 'directed all resources' to investigate the attack.
REvil operates what's known as 'Ransomware-as-a-Service': the group develops the ransomware and leases it to affiliates who commission it. The affiliate carries out the attack on the target and, when the ransom is paid, keeps the majority of it. The idea is that the target is hit so badly that it ends up paying the ransom in exchange for the decryptor key.
The Australian Cyber Security Centre has said that Australia is currently unaffected by this attack; however, the CRM vendor ConnectWise has blocked the API integration of Kaseya and IT Glue (its documentation app) for now, until the situation is resolved.
“We will re-enable the IT Glue integration (and others) once we officially confirm that there is no vulnerability or threat through third-party validation or through our own due diligence to confirm there is no risk to our partners as it relates to this incident.”
Tom Greco
CISO, ConnectWise
This is not to say, however, that using an MSP leaves your business insecure. This one-off attack should certainly prompt all providers to check their code and software to ensure there are no vulnerabilities that can be exploited.
The most common way ransomware finds its way into a system is through 'phishing' emails. Cybercriminals send malware through email links and attachments; once these are opened, the unsuspecting user is infected with the ransomware, and by that point it is usually too late.
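The phishing delivery path described above is one place where a defender can add a mechanical check before a user ever clicks. The following Python script is an added example, not code from the original article or from ONGC. It uses only the standard library and a constructed sample message; its list of risky extensions and its link checks are assumptions to tune for your environment, not a definitive rule set. It extracts the attachments and links from a raw e-mail and flags exactly the patterns the paragraph names: executable or macro-enabled attachments, double extensions that disguise a file type, and links whose visible text does not match where they actually go.

```python
"""
Triage a raw e-mail for the two ransomware delivery mechanisms named above:
risky attachments and deceptive links. Standard library only.
The sample message at the bottom is constructed for this example.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a starting list of extensions that commonly carry droppers,
# to be tuned locally; not an exhaustive list.
RISKY_EXTENSIONS = {
    ".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta", ".bat", ".cmd",
    ".ps1", ".lnk", ".iso", ".img", ".docm", ".xlsm", ".pptm",
}
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _extensions(filename):
    """All dotted suffixes, lowercased: 'invoice.pdf.exe' -> ['.pdf', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def triage_attachments(msg):
    """Return (filename, reason) findings for suspicious attachments."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        exts = _extensions(name)
        if not exts:
            continue
        last = exts[-1]
        if last in RISKY_EXTENSIONS:
            findings.append((name, "executable or macro-enabled attachment"))
            if len(exts) > 1:
                findings.append((name, "double extension disguises file type"))
        elif last in ARCHIVE_EXTENSIONS:
            findings.append((name, "archive attachment (inspect contents)"))
    return findings


def triage_links(msg):
    """Return (href, reason) findings for links whose text or target looks deceptive."""
    findings = []
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return findings
    collector = _LinkCollector()
    collector.feed(body.get_content())
    for href, text in collector.links:
        href_host = (urlparse(href).hostname or "").lower()
        # Visible text that looks like a URL but points elsewhere is a classic lure.
        m = re.search(r"https?://([^/\s]+)", text)
        if m and m.group(1).lower() != href_host:
            findings.append((href, f"link text claims {m.group(1)} but goes to {href_host}"))
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", href_host):
            findings.append((href, "link points to a bare IP address"))
    return findings


def triage(raw):
    """Parse a raw RFC 5322 message (bytes) and return all findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return triage_attachments(msg) + triage_links(msg)


def build_sample():
    """Constructed sample modelled on a generic invoice lure; not a real e-mail."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see attached.")
    msg.add_alternative(
        '<p>Please review your invoice at '
        '<a href="http://203.0.113.10/inv">https://portal.example.invalid/inv</a></p>',
        subtype="html",
    )
    # Placeholder bytes standing in for an attachment body; not a real executable.
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="Invoice_4471.pdf.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for item, reason in triage(build_sample()):
        print(f"{reason}: {item}")
```

Run against a saved `.eml` by passing its bytes to `triage()`. The script is deliberately a triage aid rather than a verdict: an attachment that passes these checks is not safe, it has simply not tripped the cheap checks, so the findings belong in front of a mail gateway rule or an analyst, not in place of one.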
What can you do?
Contact your IT department or ONGC today and schedule a Security Review, especially if it has been more than 12 months since your last one. Also review our other security articles to make sure you are following all advice to keep your systems as secure as possible.
Reach out today and we can discuss the best option for you, whether it be a Dark Web scan or security training.