by Jim Lundy
Ransomware attacks are here to stay. For many in technology, it is hard to even get a weekend off these days with the growth of Ransomware as a Service (RaaS) attacks. Over the July 4th holiday weekend, hundreds of entities from schools to hospitals were shut down due to their technology service providers being hacked, due to the tools they use. This blog overviews what happened and provides two actions enterprises should take now.
Ransomware as a Service is here – ReVil strikes again
Since the hack of the Colonial Pipeline in May 2021 (see our Aragon Blog), Ransomware attacks have increased dramatically and now it is a business. A firm called Revil which is a Russian based RAS, targeted a firm called Kaseya and its VSA offering. Kaseya VSA is referred to as Remote Monitoring and Management Software. It used by Managed Service Providers to manage the software that they manage for their customers.
Kaseya VSA is a popular RMM offering. Firms such as Synnex and Avtex LLC used Kaseya and some of their customers appear to be affected. Based on published reports by Bloomberg, Synnex had not responded and Avtex President George Demou indicated they were working with their customers. Kaseya CEO Fred Voccola did respond in an email and said that fewer than 40 of its MSP customers were impacted. However, the main Kaseya has no indication that they were hacked.
Enterprises be on guard: Your Software and Services Suppliers are being attacked
The assumption when you hire a provider and that they have done all the due diligence to not be hacked. However, the RAS providers are hacking the tools they use – it all means that much tighter testing of upgrades of tools is needed. Software providers need much more rigorous testing of their upgrades before they ship them. In this case, the MSPs did not inspect their RMM platform – which was hacked and used to infect their customers.
It is as simple as being aware of the exact code in a software release and verifying that before the release goes live. With SolarWinds and now with Kaseya VSA, it has been very easy for hackers to infiltrate. Aragon Research is now aware that in the Solarwinds case, that executives at that firm may have been aware of risks to their code several years before they were hacked. Going forward, there will need to be much more due diligence by enterprises before procuring software and services.
Enterprise Call to Action: Start backing up Everything and Stop all Software upgrades
There are two vital things that enterprises must do now:
- For both enterprises and Managed Service Providers – stop upgrading software into production. Test upgrades in a Sandbox environment and get an assurance from your provider that each upgrade is ransomware-free.
- To recover from a ransomware attack, it is vital that all company laptops and servers have automatic backups implemented. That way, if an attack occurs, all devices can be wiped and then recovered from backup.
CEOs Signup for a Backup service now
Our best advice to CEOs, CFOs and CDOs – insist that your CIO implements an enterprise-wide backup strategy this month – July 2021. Do not wait to do this. It costs 5-10 per month. Firms, such as Acronis, Backblaze, Carbonite, and iDrive all offer compelling plans. For those who want to do it locally, Synology offers some very reasonable RAID backup devices. For Servers, it is more complicated, as it is for Cloud. See our Hot Vendors for Enterprise backup that included Cohesity, Rubrik and Veeam.
Bottom Line – Don’t Wait
For CEOs, Ransomware is now a part of our business life. Steps need to be taken now to prevent becoming the next victim. Don’t wait on the most basic protection – backup all of your devices. Sign-up for some of the services mentioned above. To not take action means your enterprise is at risk to be one of the next victims.