Once again, a very complex ransomware attack has made it to the news.
Kaseya, a multinational software company based in Dublin, Ireland fell victim to a ransomware attack during the Independence Day weekend. Among their products is VSA, a tool that provides MSPs with remote monitoring and management (RMM). This tool allows technicians to remotely manage servers, computers, and other devices for their clients. On July 2nd, the CEO of Kaseya announced that it had fallen victim to a ransomware attack.
The CEO of Kaseya advised all clients to immediately shut down their VSA servers to protect themselves and their clients from the attack. Kaseya also employed help from cybersecurity companies like Huntress to help fix the issue. Huntress identified that the breach may have been achieved by an authentication bypass vulnerability in the VSA web interface which allowed the attackers to find a way around authentication controls, begin an authenticated session, and execute commands via SQL Injection. This allowed the attackers to add a malware payload to a VSA software update and in turn the malware-infected almost 1000 companies’ servers and workstations.
DID THEY FIX IT?
On July 5th, Kaseya released another statement that said a fix had been developed and was going to be deployed to their SaaS first because they have more control over it. "We are deploying in SaaS first as we control every aspect of that environment. Once that has begun, we will publish the schedule for distributing the patch for on-premises customers." However, companies all over the world are starting to develop, update, and combat ransomware using all kinds of different methods.
WHAT WOULD BLACK LINE DO?
Here at Black Line IT we use Datto for our RMM software which works very similarly to Kaseya’s RMM but it also includes native Ransomware Detection. Datto’s Ransomware Protection allows users to learn about infections instantaneously instead of waiting for users to report them, which will allow for administrators to act before the infection spreads. Datto ransomware Detection also allows administrators to prevent the spread of ransomware using automatic network isolation, which isolates the infected systems so the infection cannot spread.
We also provide several other products by Datto that can help add an extra layer of security to your systems and data. If you are a Black Line Client and would like to explore more security options for your business, contact your account manager.
WHY SHOULD I CARE?
Attacks like this will continue popping up all over the world, and the monetary loss from these complex schemes is only growing. It is more important than ever to stay on top of updates and systems to help keep your business safe, and you can count on us at Black Line IT to keep you informed and secure.
If you have any questions leave them in the comments below, and we hope you have a great day!