An Inside Look at the Kaseya VSA Cyberattack

Sep 30, 2021 | By Convergent

Cybercriminals are unfortunately not going away. With the recent Kaseya VSA cyberattack, thousands of companies were left vulnerable to being compromised. Even more alarming, 2020 saw a 62 percent increase in ransomware attacks compared to the previous year. The rise in these crimes shows how cyberattacks on companies have evolved and advanced.

One supply chain account disrupted thousands

On June 2, 2021, REvil exploited a vulnerability in Kaseya’s remote monitoring and management tool, launching one of the largest and most expensive ransomware attacks in history. Since many MSPs use this tool as a service offered to their own customers, the Kaseya VSA cyberattack was two-fold in its impact: it both directly and indirectly affected customers all the way down the supply chain.

Around 30 Kaseya MSP customers were affected by the cyberattack. Upon notification of the breach, VSA servers were shut down immediately. This left thousands of MSP customers, many of them small businesses, unable to rely on their services and at risk of being shut down by ransomware.

Huntress CEO and co-founder Kyle Hanslovan said REvil took advantage of a zero-day vulnerability to attack MSPs and ultimately thousands of businesses at the same time.

The Indirect Impact Outside Kaseya

In addition to Kaseya’s customers who were directly impacted by the attack and the MSPs’ customers who were also impacted, more than 36,000 MSPs could not access Kaseya’s SaaS VSA for days while it was offline. The Kaseya VSA cyberattack hit 17 countries but was especially harmful in the United States, Germany, Canada, Australia and the U.K.

Schools, pharmacies and supermarkets were among the organizations whose data was encrypted in the cyberattacks. From a global perspective, even Sweden's largest supermarket chain, Coop, had to close hundreds of its stores. While the company does not directly deal with Kaseya, its payment systems are managed by them, resulting in payment systems being temporarily shut down.

The cyberattack indirectly affected many companies and their customers, many of which faced strict ransom demands for the release of their own systems. The ransoms demanded ranged anywhere from $50,000 to over $50 million for all MSPs and clients. Although many businesses could not function adequately while their systems were down, those that were securely backed up, like Convergent, were at less risk of being compromised.

How To Protect Against Future Attacks

It is no surprise that cybersecurity is more critical to companies than ever before. Many are susceptible to being attacked and compromised by harmful malware. The best way to combat these malicious attacks is to be prepared, respond accordingly, and have frequent security assessments to manage the incoming threats that plague unsuspecting businesses. Convergent can provide companies with layered security throughout their network and protect against future cyber threats.

Convergent customers that were affected by the Kaseya attack, fortunately, did not experience destructive outcomes. Advanced security measures swiftly notified Convergent of the global cyberattack, allowing for an immediate and safe shutdown of all affected systems. Customers that were managed and monitored from cloud-based servers were also safe from the cyberattack. Through proactive monitoring, management, and supportive IT infrastructure, Convergent's managed services can provide companies with multiple levels of security that continuously protect and secure their networks.

Convergent provides a dark web scan, which is a full system assessment to identify breached credentials while also performing infrastructure reviews. The dark web scan also highlights key areas where companies can save money while increasing workflow efficiency. Take the steps to a more secure company by requesting a full network assessment of your company to further identify and analyze network vulnerabilities.

 
