As the year winds down, it’s time to start looking at 2024 and what the year could mean for local organizations. It’s likely that most businesses are putting together their operational plans and marketing budgets, and all of that is certainly important, but there are some major situations at play that could cause your business to suffer from major losses and rack up huge expenses if decision-makers aren’t prepared for them.
USA Computer Services Blog
Perhaps the most dangerous and notorious modern malware, ransomware affects businesses and industries without any regard to size or scope. It can even impact individual users and get away with it. We urge businesses to consider the other dangers associated with ransomware beyond just paying the ransom, as they extend far beyond and could have lasting impacts on your operations.
We throw around the term “ransomware” an awful lot, and while we’re confident that most people have some level of familiarity with the concept at this point, it is important that we acknowledge that not everyone has our experience in dealing with it. As such, we wanted to answer some of the questions we hear fairly often about ransomware.
The headlines hyping up ransomware as a dangerous threat are not exaggerating. It really is as bad as it seems, although there is often a fair amount of embellished information on what ransomware exactly is and what it does. Let’s take some time to review what ransomware is and how your business can handle it in an appropriate way.
It sincerely seems that every other day features news of another cyberattack, and it isn’t uncommon for the word “ransomware” to be tossed around an awful lot. Let’s take a few moments to go over—or review—what ransomware is, and arguably more importantly, how to handle any you or your team encounters.
Ransomware is an incredibly potent threat that has ravaged the cybersecurity landscape for several years now. Many users who get struck by ransomware feel like they have no choice but to pay the ransom, but others have banded together to create a community of resilience in the face of such a threat. Thanks to the efforts of one particular agency, victims of malware can enjoy access to malware removal tools for free.
We apologize for the pun, but we couldn’t help ourselves.
When you go about your business and attempt to onboard a new client or implement a new tool for your company, you spend time getting to know what your business is doing and why. Well, a newly formed ransomware group will spend up to two weeks mapping your network before launching its attacks, making it a potent threat actor that you should keep an eye out for on your business network.
Imagine your business becomes the target of a ransomware attack. The situation is dire, and you need access to your data. You decide to pay the ransom, even though all security professionals advocate for the opposite. The worst is behind you, you think. This is unfortunately not the case; there are countless other costs that ransomware can bring to the table, and none of them are good. Let’s examine the true cost of ransomware beyond just the ransom.
When people talk about network security, it’s just like when they talk about any other subject: the most terrible and devastating of the bunch is all that is spoken about. In the case of malware, there is a lot of information about ransomware going around out there because it is largely the worst type of malware there is for any organization. Unfortunately, malware is a vast and largely misunderstood thing. Today, we thought we would briefly go through modern malware so you can identify if you are a victim or not.
There are all kinds of threats out there that can make things difficult for your business, but one of the biggest threats from this past year was ransomware. Ransomware encrypts data on the victim’s device so that it is inaccessible without the decryption key. Hackers have been successful with these extortion methods, as well as many others, yet ransomware continues to be a serious source of anxiety for businesses of all sizes and industries.
Ransomware is one of the worst threats you can encounter, and the first half of 2021 saw more large-scale ransomware attacks against both individuals and businesses than ever before. A new threat, however, promises to disrupt this trend, and it’s one that you might not have considered: fake ransomware attacks.
Ransomware is such a major problem for computing-dependent organizations that even government agencies are getting involved, equipping businesses and organizations with tools to help them identify whether or not they are at risk of these attacks. The most recent addition to this group, the United States’ Cybersecurity and Infrastructure Security Agency (CISA), has made its Ransomware Readiness Assessment, or RRA, available as part of its Cyber Security Awareness Toolset.
Ransomware has been a scourge to businesses for years now, with it unfortunately experiencing a renaissance of sorts as the COVID-19 pandemic came to the fore. With increased phishing attacks and other means of spreading ransomware now taking advantage of the ongoing situation, it is all the more important that these attempts can be identified and mitigated.
Countless high-profile ransomware attacks have surfaced over the past several years, all against targets like manufacturers, pipelines, hospitals, and utility companies. Obviously, these attacks are a cause for concern, but some small businesses might make the mistake of thinking themselves too small to target. Unfortunately, this is simply not the case; we’ll help you protect your business from these devastating cyberattacks.
This past May, Ireland’s Health Service Executive—the organization responsible for providing healthcare and social services to the country’s residents—was successfully targeted by a major ransomware attack. Unfortunately, we are still talking about it now because the entire situation has forced us to acknowledge the aftereffects of such an event.
Let’s dive into the details and see what can be learned from this ransomware attack.
What is Kaseya?
Kaseya is a software vendor that works closely with managed service providers (MSPs) to provide IT solutions. The software designed by Kaseya is meant to be used by managed service providers and large enterprises to manage and support technology across multiple networks. As reported by ZDNet, at least 40,000 companies worldwide use at least one tool created by Kaseya.
The attack in question leveraged a vulnerability in Kaseya’s VSA service, which is basically a remote monitoring and management tool.
Since Kaseya plays such a key role in connecting IT companies to the businesses that they support, it should come as no surprise that such a ransomware attack could have profound effects on both the MSP service industry and the countless businesses that are supported by them. If your IT provider happened to use this particular software, there is a good chance that you were unlucky enough to become a victim of this attack, especially if other countermeasures weren’t in place.
The Attack’s Timeline
To give you an idea of how this attack has progressed, let’s take a look at the timeline, as it was reported by ZDNet:
- July 2, 2021: Kaseya CEO Fred Voccola announced that the company experienced an attack against the VSA that was limited to “a small number of on-premise customers.” Voccola also urged users of the VSA service to disconnect all servers hosting the solution in an effort to prevent further infections. Kaseya informed those potentially affected by the attack, as well as shut down their own SaaS servers as a safety precaution.
- July 3, 2021: Kaseya released a Compromise Detection Tool to help customers determine if they have been compromised by the ransomware or not. The tool analyzes the endpoint or server to see if there is any indication of compromise on the system.
- July 4, 2021: Kaseya declared that they had become a “victim of a sophisticated cyberattack,” and brought in external security experts, including Mandiant, to aid in learning more about the attack and resolving the issue.
- July 5, 2021: Kaseya issued the following update: "We are developing the new patch for on-premises clients in parallel with the SaaS Data Center restoration. We are deploying in SaaS first as we control every aspect of that environment. Once that has begun, we will publish the schedule for distributing the patch for on-premises customers."
The attack itself is thought to have been delivered via an automated malicious software update, bypassing authentication and executing commands remotely. More information on this attack can be found in Kaseya’s briefing on the incident.
The Takeaway
Since this particular issue was caused by a zero-day vulnerability (a previously unknown vulnerability) in a provider’s systems, it is hard to fault anyone in particular for this hack, but it does further reinforce the importance of monitoring your system for irregularities, as this attack was only uncovered as a result of such monitoring. Imagine the damage that could have been caused by this threat if it were to remain undiscovered for an extended period of time. It just goes to show that even businesses that do everything right can still become victims of ransomware attacks.
While there are countermeasures to prevent ransomware attacks and restorative measures to get back in business after being attacked, if these measures weren’t in place for a company that was a victim of the attack, things probably aren’t looking very good.
We can’t stress enough that it is critical to have a solid backup solution in place that is regularly tested and reviewed. It’s also a good idea to have your network hardened and evaluated at least once a year to help it withstand ransomware attacks and other threats. Even if you need a second option, we’re happy to help.
Therefore, you should always take preventative measures to mitigate the risk of ransomware as much as possible. We can help your business keep itself safe from threats of all kinds. To learn more, reach out to us at (704) 665-1619.