By John Hock, CPA, CISA, CITP, SOC – Manager, IT Advisory and Security Group

Over the holiday weekend, Kaseya, a Miami-based IT management software firm, was the victim of a REvil ransomware attack that compromised close to 1,500 known businesses across at least 17 countries.

Specifically, Kaseya’s VSA software was the target of the attack. The software is leveraged by many large managed security service providers (MSSPs) that help small to midsize businesses monitor and control their computer networks.

REvil, the same Russian-language group behind the attack on meat processor JBS over the Memorial Day weekend, appeared to have identified a vulnerability within Kaseya’s code, putting it in a position to demand $70 million to unlock the businesses affected by the hack.

Due to the nature of the software and its users, the impact is expected to be widespread, and its full extent likely won’t be known for some time. However, based on updates posted to the company’s website, it is believed at this point that businesses using the software-as-a-service (SaaS) solution have not been impacted by the attack.

What You Should Do

Kaseya is working on releasing a patch as quickly as possible to get customers back up and running safely. In the meantime, if you or your MSSP are leveraging Kaseya VSA, the recommendation is to take those servers offline immediately and await further instruction from Kaseya.

Use the Compromise Detection Tool to help determine whether you are directly affected by this attack.

In addition, you should begin the early stages of your Incident Response Plan and continue to monitor Kaseya’s incident updates and apply patches when they are available.

Be Prepared for Future Attacks

This type of supply-chain attack has become increasingly frequent. If you have not assessed your cybersecurity posture, you should. Doeren Mayhew’s IT and cybersecurity advisors have helped numerous organizations get a clear picture of where they stand from a cybersecurity perspective and identified ways to improve their cybersecurity posture. Contact us today to learn more.