Businesses should be prioritising their IT security as the increase in cyber crime continues. You may be aware of a recent ransomware attack on US-based firm Kaseya, which has been described as the biggest global ransomware attack on record.
Here at Pro Drive our clients can be reassured that we don’t use this particular Kaseya software so aren’t affected. However, we do take any cyber attack very seriously and put in rigorous security procedures around all work that we do. As part of this, we continue to monitor the situation. Your business should also prioritise its IT security.
What do we know about the attack and threat to IT security?
The BBC reported that Kaseya has said that less than 40 of its customers were directly affected by the attack, but the impact has been felt worldwide. We know that amongst victims there are hundreds of businesses in the US, hundreds of Coop grocery stores in Sweden, two major Dutch IT firms, and educational establishments in New Zealand.
The government’s National Cyber Security Centre (NCSC) is investigating the impact of the attack in the UK and which firms have been targeted. It was carried out by Russian hackers REvil, who are demanding $70MILLION (£50.5 million) in cryptocurrency ransom to provide a decryptor key to unscramble victims’ IT systems and make them usable again.
REvil – also known as Sodinokibi – is one of the most prolific cyber-criminal groups in the world.
The NCSC is advising organisations that are affected to disconnect infected computers, laptops or tablets from all network connections.
How did the attack happen?
REvil are believed to be the hackers behind the extortion of $11 million from the meat-processor JBS earlier this year. In this latest attack, they managed to breach VSA, a piece of Kaseya software that is used to manage larger IT networks. This gave them access to Kaseya’s clients’ computers – and also those of their clients’ clients.
The cyber attack became apparent on Friday 2nd July, just before the long US Independence Day weekend. Kaseya advised clients that use its VSA tool to shut down their servers immediately.
It is clear that ransomware attackers are thinking strategically about how to cause the most disruption and damage, so that they can request the highest ransoms possible.
Ransomware is a growing, global cyber threat and all organisations need to act to limit the risk by ensuring they have robust IT security, covering their systems and networks.