Kaseya VSA was used as a means to spread ransomware after a known issue was taken advantage of by cybercriminals. The data breach occurred last week and due to the shutdown of Kaseya Cloud and on-premise servers, many companies worldwide were affected by this ransomware attack.
The tech firm was privately notified by The Dutch Institute for Vulnerability Disclosure (DIVD) about seven vulnerabilities in its systems back in April of this year. DIVD chose not to disclose the nature of the vulnerabilities to the public, citing that the information would have potentially led to Kaseya and its clients being in danger of exploitation. DIVD is waiting on a patch from Kaseya before divulging details about the vulnerability.
The cyber attack was reportedly carried out by Russia-linked hackers associated with the REvil ransomware group. They’re asking for a ransom payment of $70 million in exchange for Kaseya and its subsequent clients being released from the hack. What Kaseya’s next steps are remains to be seen.
Code used by the cyber-crime gang in the attack avoided targeting systems that use Russian and other Soviet-era languages. Those include Russian, Ukrainian, Belarusian, Armenian and Arabic. According to cybersecurity experts, these criminals have been given leeway from their government to commit attacks as long as the attacks are not domestic in nature. Places like the United States and Europe, however, are fair game.
When it comes to ransomware attacks, it’s wise to never pay the ransom because it encourages hackers to keep doing what they’re doing. They can encrypt files or other personal data they gain access to, and will ask for huge amounts of money as compensation.
President Biden is scheduled to meet with officials at a few different federal agencies in order to discuss what can be done about the increasing number of ransomware attacks. Some of these agencies include the Department of Justice, The Department of Homeland Security, as well as the State Department. The FBI linked the REvil group involved in this incident to a previous attack on JBS Foods back in May of this year.
Ongoing meetings between Russian and U.S. officials are addressing cybersecurity concerns. Hopefully there will be more in-depth answers regarding the situation in the near future.
Who’s Got Your Data?
Need an estimate? Request a quote below!