‘Colossal’ Ransomware Attack Will Potentially ‘Impact Thousands’ of Businesses

The recent "colossal" ransomware attack on software manager Kaseya highlights the devastating potential of supply chain vulnerabilities. By compromising a single international company that remotely controls software for other businesses, attackers were able to impact thousands of organizations globally, ranging from large enterprises to small businesses.

The “colossal” ransomware attack last week on software manager Kaseya—an international company that remotely controls software programs for businesses—could end up affecting many more than the reported 200 U.S. companies after all the dust has settled, according to security researchers.

John Hammond, a senior security researcher at cybersecurity firm Huntress Labs, said that while it is unclear how many firms will end up victimized by last Friday's attack, it would be reasonable to expect the current number to rise manyfold.

“It’s reasonable to think this could potentially be impacting thousands of small businesses,” Hammond told NBC News. In a direct message on Twitter, Hammond told NPR that, “Kaseya handles large enterprise all the way to small businesses globally, so ultimately (this) has the potential to spread to any size or scale business.”

“This is a colossal and devastating supply chain attack,” Hammond added.

Brett Callow, a ransomware expert at another cybersecurity firm, Emsisoft, echoed sentiments regarding the size of the attack, noting that he’d never seen anything of this scale.

“This is SolarWinds with ransomware,” Callow told NPR.

The Scale of the Impact

Other experts suggested that the attacks were specifically timed for the July 4th holiday weekend, when IT or cybersecurity staffing is potentially lower than in a typical week and teams are less capable of a quick response.

  • International Scope: Despite the focus on U.S. companies, international firms have been severely hit. For instance, Coop, one of Sweden’s largest grocery chains, was forced to temporarily close nearly all of its 800 stores.
  • The Culprit: Pattern analysis of the malware points toward REvil (also known as Sodinokibi), a notorious ransomware-as-a-service gang that has orchestrated similar supply chain hacks in the past.
  • Federal Response: The U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued a statement confirming they are “taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software.”

Managing the Risk of Third-Party Vulnerabilities

Exterro often emphasizes the importance of third-party vendor management and ensuring that you know which third parties have access to what types of data. Having that information on hand helps to make the ensuing breach response processes (including notification of affected parties) a little less onerous—and in situations like this, everyone could use a little less stress.

[Image: Digital infrastructure showing the connection between a central software manager and various downstream business victims]

Breach Management software like Exterro's integrated solution enables you to be confident that your incident and breach response process is both documented and defensible. Leveraging the NIST Standards Playbook, Exterro bridges the gap between Information Security, IT, and your Legal team to ensure a comprehensive and documented process. It eliminates current ad-hoc, risky approaches, delivering greater predictability, transparency, and speed to resolution.

With incidents on the rise, businesses must seek the right technology to help handle breaches.