On July 2, a supply chain ransomware attack occurred against Kaseya VSA and the managed service providers (MSP) that employ VSA software. Kaseya VSA is a cloud-based MSP platform that allows providers to perform patch management and client monitoring for their customers. The attack, reportedly undertaken by a Russian-based cybercriminal known as REvil, compromised as many as 1,500 small businesses. Because of the vast number of companies potentially affected, the attack could end up being one of the biggest in history. The attackers demanded a $70 million payment in bitcoin in exchange for recovery. Kaseya’s chief executive officer, Fred Voccola, has not confirmed whether Kaseya will pay the ransom.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages companies to review the CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack and Kaseya’s advisory in case their systems have been compromised by this latest ransomware incident.
Ransomware attacks have been on the rise and will not stop anytime soon. In recent months, Colonial Pipeline and meat producer JBS were victims of this same type of attack. Small and medium-sized businesses are not immune to this kind of threat, and attacks like the one against Kaseya demonstrate that companies must incorporate a cyber hygiene routine before they are attacked. It is not a matter of if, but when, companies will face cybercrime. One of the tools to specifically help small broadband providers is CyberShare: The Small Broadband Provider ISAC. CyberShare promotes the resiliency and continuity of operation of small broadband providers across the United States. For more information about becoming part of a collaborative community to improve your security posture, please visit CyberShare – The Small Broadband Provider ISAC.
