What’s Next After Kaseya Ransomware Attack?

Another ransomware attack has reverberated across the globe, forcing the shutdown of grocery stores, railways, and pharmacies in Sweden. Businesses in Australia, Germany, and Brazil are trying to figure out how to access important data—all while United States cybersecurity experts weigh the appropriate response against a notorious Russian hacking group.

REvil, a shadowy group of cybercriminals, took responsibility for last week’s attack, boasting on the dark web about its sophisticated ability to infiltrate IT systems operated by Kaseya. Through its network of managed service providers, Kaseya provides tech support to more than 40,000 businesses around the world. On Monday, July 5, Kaseya said only 800–1,500 of those businesses were affected, but new reports of infections were still coming in as the week wore on. CMIT Solutions does not use the systems that were affected in this attack, and none of our clients have reported infections.

Cybersecurity researchers in the Netherlands had actually warned Kaseya about a zero-day vulnerability in its systems, and technicians at the Miami-based software company attempted to address it through a software update. But the update was instead hijacked by REvil, and individual machines around the world were infected with the same kind of ransomware that knocked meat-processing conglomerate JBS offline in May.

As of press time, the criminals of REvil were demanding varying amounts of Bitcoin ransom to restore computer systems: $45,000 for individual machines, $5 million for individual companies, and $70 million for a tool that would allow all impacted businesses to immediately recover their data.

Security researchers in touch with REvil said the group was willing to negotiate, offering to cut the all-in-one price to $50 million. But paying such ransoms remains controversial. The U.S. Cybersecurity and Infrastructure Security Agency, along with White House press secretary Jen Psaki, advised against it, “given that it incentivizes bad actors to repeat this behavior.”

For impacted businesses, however, encrypted data and offline systems can take a significant toll on the bottom line. “Our global teams are working around the clock to get our customers back up and running,” Kaseya CEO Fred Voccola said in a statement. “We understand that every second they are shut down, it impacts their livelihood, which is why we’re working feverishly to get this resolved.”

In the meantime, what can you do to keep your business safe?

The most important method of protection is often the most overlooked: regular, remote, and redundant data backups that render moot the question of whether to pay a ransom in the first place. Even if multiple strains of ransomware are unleashed against your company, restoring from a recent backup can help your business bounce back from even the most devastating attack.

Other best practices to mitigate the impact of ransomware include:

1. Multi-factor authentication (MFA) and single sign-on (SSO) solutions

Just a few years ago, MFA and SSO were relatively rare, considered by many businesses to be an annoying or even unnecessary extra layer of cyber defense. Today, however, these login protocols—which require a user to enter a password and then confirm their identity with a unique code or push notification, typically delivered by text or email—are becoming more and more common. MFA and SSO can reduce the negative impact of a stolen password, which has been used in many ransomware infections to surreptitiously access networks, databases, and individual laptops or computers.

2. Endpoint detection and response (EDR)

Many cybersecurity experts say it’s not a matter of if ransomware will strike but when. If that’s the case, advanced tools like EDR allow IT experts to take a proactive approach to cybersecurity. With full visibility into a company’s network, you can analyze traffic, spot malicious movements, automate responses, and enable real-time threat identification to stop an infection before it worms its way in. The strongest EDR solutions run on the specific devices and machines they protect, reducing the lag time required to transmit information to and from the cloud while empowering trained IT staff to mitigate problems like ransomware before they take root.

3. Time-sensitive deployment of security updates and software patches

Although the Kaseya attack puts a fresh spin on this standard IT practice, it’s still critical, particularly if your business is running older machines on legacy operating systems. The infamous WannaCry attack in 2017 exploited the outdated OS Windows 7, and Apple recently announced that its Big Sur operating system for Mac computers was exploited and needed to be patched. Before the update, hackers transmitted sensitive data like cryptocurrency addresses, credentials, and payment card information from the Apple Store to the attackers’ server, bypassing standard privacy permissions and gaining unfiltered access to user machines.

4. Have you tested virtualization?

Maintaining reliable access to those backups is equally important. At CMIT Solutions, our data backup plans come with robust data recovery procedures baked right in. That means affected businesses can retrieve their information as quickly as possible to support a return to day-to-day business operations. The FEMA statistic bears repeating for emphasis: 90% of smaller companies fail within a year if they can’t resume operations five days after a disaster.

5. Capable, comprehensive IT support you can count on

In the wake of this Kaseya attack, managed service providers will be taking a fresh look at their own cybersecurity protection. Any partner you trust should walk the walk with such tools. At CMIT Solutions, we have reviewed every application and every device used by our clients across North America to ensure that none were impacted by the Kaseya attack. And we’ll be going above and beyond in the future to proactively hunt down and prevent ransomware infections through 24×7 monitoring that maintains a constant watch on every part of the technology ecosystem.

Additional tools that CMIT Solutions deploys include advanced anti-malware, traffic analysis, and multi-layered network security solutions; nationwide support that can protect physical and remote offices; real-world cybersecurity training for employees at companies big and small; industry-specific compliance; and the human intelligence that forms a rock-solid foundation for information technology.

Your business deserves advanced cybersecurity protection that evolves and responds to real issues. Today and tomorrow, the biggest threat is ransomware. At CMIT Solutions, we see ransomware as an existential threat to core business functions—not just another form of data theft. We earn the trust of our clients by working diligently to preserve day-to-day operations. As fellow small-business owners, we know how harmful even an hour of downtime can be.

If you’re ready to address the ever-changing ransomware threat and secure your business’s most critical IT assets before an attack occurs, contact CMIT Solutions today. We defend your data, protect your systems, and empower your employees to do their best work.