Earlier this week, American software company Kaseya was targeted by a sophisticated ransomware attack carried out by notorious cybercriminal organisation REvil. The situation is ongoing, with Kaseya working “around the clock” to resolve the attack.
Russian-based REvil distributed its ransomware after the gang identified a vulnerability in the automated update system of Kaseya’s IT management software. The software, known as VSA, was developed for managed service providers (MSPs) – companies that look after the digital environments of businesses that need to outsource their IT operations. By planting the ransomware in an update mechanism that Kaseya’s partners already use and trust, REvil was able to affect approximately 50 organisations as well as Kaseya itself.
In a statement released yesterday, Kaseya said: “Many of Kaseya’s customers are managed service providers, using Kaseya’s technology to manage IT infrastructure for local and small businesses… such as dentists’ offices, small accounting offices and local restaurants. Of the approximately 800,000 to 1,000,000 local and small businesses that are managed by Kaseya’s customers, only about 800 to 1,500 have been compromised.”
Whilst only a small percentage of Kaseya’s indirect clientele were compromised, this remains a large number of businesses impacted by the ransomware. Over one million computers are estimated to have been encrypted, and this gang is playing the ransom game differently. Instead of demanding a ransom amount from an organisation as a whole, REvil is requesting payment for individual devices at a price of US$45,000 each.
The ransom requests are coming through the REvil operators’ ‘Happy Blog’ and include an offer to provide a universal decryptor for the attack, provided the ransom of US$70,000,000 (AU$92,000,000) worth of Bitcoin is paid. However, many victim companies that do pay the ransom presented to them in an attack still do not recover all of their data – it’s a huge gamble in an extremely high-pressure situation.
So what do we take from this event?
It was a large-scale attack on an American company, so what does it have to do with small businesses here in Australia? The Australian Cyber Security Centre (ACSC) states in its recent Annual Cyber Threat Report, “Cybercrime is one of the most pervasive threats facing Australia… Cybercriminals follow the money. Australia’s relative wealth, high levels of online connectivity and increasing delivery of services through online channels make it very attractive and profitable for cybercrime adversaries.”
Ransomware itself is an enticing choice for cybercriminals: this type of attack can be achieved with minimal technical expertise and at low cost to the attacker, whilst retaining the ability to deal a heavy blow to its victim, as evidenced in the current attack on Kaseya. According to the ACSC, ransomware is the biggest cybercrime threat to our country.
It pays to be protected
Cybersecurity is what we do. We are passionate about educating and protecting Gold Coast businesses from cybercriminal activity which is, unfortunately, a common occurrence. We have a range of options from cybersecurity training for your staff to top-tier protection provided by leading brand Sophos.
Get in touch here or chat with our cybersecurity specialist Brendon on (07) 5528 6663.
Note: All Covered IT Australia was not affected by this ransomware attack and is not affiliated with Kaseya.