Ransomware as a Service: The Service that Indiscriminately Attacks
Written By: Ashley Pusey, J.D., Privacy, Legal & Compliance Lead, Maureen Data Systems
While America was celebrating our country’s Declaration of Independence, Kaseya, a Florida-based Managed Service Provider (MSP), suffered one of the largest ransomware attacks to date, indiscriminately compromising at least 1500 U.S. businesses, as well as international ones. The affected MSP customers were largely small and mid-sized organizations, which may come as a surprise to many. We often think that only large corporations or entities are susceptible to these cyber tactics. They are, of course, the organizations with deep pockets, right? Wrong. The Kaseya breach is a prime example of how hackers can, to some degree, customize their extortion demands based on the size of the organization, which is exactly what the Kaseya hackers did here.
The suspected hacker organization, REvil, a Russian organization that has built its criminal enterprise on Ransomware as a Service (RaaS), successfully infiltrated Kaseya’s network, leveraged its services, and deployed the ransomware within 2-3 minutes tops. Not only is their ability to infiltrate Kaseya’s network alarming, but the hacker organization invaded Kaseya’s network, along with those of its MSP customers, without a trace. Additionally, neither Kaseya nor its MSP customers had any warning or the ability to detect any cyber incident, because the ransomware came through a trusted channel.
These hackers—who have developed a business model that profits off the extortion of others—are constantly exploring and innovating new ways to attack. As ransomware attacks continue to make the headlines of mainstream media, one must start to wonder whether any lessons have been learned from Colonial Pipeline, JBS, SolarWinds, and of course, Kaseya.
After Kaseya’s breach, three things remain certain. First, RaaS does not discriminate based on the size of an organization or the types of services it provides. Second, organizations should take a zero-trust approach. This means that organizations should not automatically trust anything inside or outside their perimeters, and should instead verify anything and everything that is trying to connect to their systems before granting access. Finally, organizations should approach cybersecurity proactively, as opposed to reactively. This means investing in services and technologies that provide a layered security approach. Ultimately, a proactive approach to your organization’s security hygiene will mitigate cyber incidents, keep nefarious actors from penetrating your network, and save your organization from reputational damage.
Source: Sophos Kaseya Analysis Webinar
The material and information provided in Maureen Data Systems (“MDS”) Content are for general information only and should not, in any respect, be relied on as professional advice. The MDS Content shall be construed as author-based content and commentary. Accordingly, no warranties or other guarantees are offered as to the quality of the opinions, commentary or anything else appearing in such MDS Content. MDS expressly reserves the right to delete stories at its and their sole discretion.