Categories
Blog

The Kaseya VSA Ransomware Attack

Unfortunately, ransomware continues to make headlines, with the recent attack on Kaseya VSA products affecting 1500 organizations across the globe. 

Although WorkSmart does not use Kaseya VSA products and has not been impacted by this attack, it’s important to use this as an opportunity to grow our security practices and help you do the same.  

Security-News-Image-1

What happened? 

On July 2, cybercriminals compromised Kaseya’s VSA software, which is used to manage IT infrastructure for thousands of clients. 

As a result, the hackers turned the software into a “Trojan Horse,” using it to deploy ransomware to Kaseya’s customers (and, in this case, customers of their customers), locking the victims’ computers and demanding payment to fix it.   

You can read the official reports from Kaseya here. 

 

Why does this matter? 

Cybercriminals used the attack on Kaseya to get access to more victims. As the modern workplace becomes more connected, we’ll likely see more threats targeting companies “upstream” because of its broader reach and, therefore, the potential for a bigger payout. 

While you can’t prevent attacks on your software vendors, you can be prepared to quickly restore operations and minimize the impact of a successful attack. Kaseya acted quickly after being alerted to a potential threat. As a result, the attack was limited to approximately 50 Kaseya customers (of more than 35,000). 

Fred Vocolla, Kaseya, CEO, credits their ‘security playbook’ for making a critical decision within an hour of receiving reports of unusual behavior: shutting down the VSA infrastructure to stop the spread of any malware.  

More on the Kaseya response in this video. 

 

Preparing for a ransomware attack 

Of course, preventative measures are important as they reduce the risk of a ransomware infection. But, if they fail, a well-planned response helps your business spring into action and reduce the cost of an attack. 

Having a security incident response plan outlines critical steps like containing the infection (ransomware likes to spread), engaging legal counsel and insurance providers, communicating with clients and partners, conducting analysis, and restoring operations. 

 

Contact us if you have any questions about your cyber defense strategy or if you need help building your organization’s incident response plan.

 

Related Resources: