Kaseya Ransomware Attack

July 5, 2021
computer code

This is a nightmare to manage.

Allan Liska, an intelligence analyst at cybersecurity firm Recorded Future, on last week’s ransomware attack against software company Kaseya.
  • On Friday, Kaseya warned its customers of a "potential security incident" and by Saturday, it confirmed it was a "victim of a sophisticated cyberattack" on its software. That software is used by companies across the globe as well as managed service providers (MSPs), who are hired by smaller businesses to manage their IT services – meaning the potential scope of the attack is widespread.
  • When asked on Saturday about the attack, President Biden said that "if it is, either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond."
    • On Sunday, a Russian-linked ransomware group called REvil demanded $70 million in cryptocurrency to supply a universal decryption tool.
  • The full scope of the attack is not yet known. On Tuesday, Kaseya said less than 60 of its customers were "directly compromised" by the attack, with less than 1,500 downstream businesses impacted. According to reports, at least 17 countries have reported victims.
    • The FBI is working alongside the Cybersecurity and Infrastructure Security Agency (CISA) to investigate the attack and provide aid to victims.
  • BIG PICTURE: The Kaseya ransomware attack is the latest in a string of massive ransomware attacks, following attacks on JBS – the world's largest meat processing company – and Colonial Pipeline, which delivers nearly half the fuel consumed on the East Coast. Both companies paid the attackers via bitcoin. In the case of JBS, the FBI attributed the attack to REvil.

by Jenna Lee,