An Overview of Kaseya: The “Biggest Ransomware Attack on Record”

If the year 2021 was a cyberattack, we’d have to crown it, “The King of Ransomware.” That’s because this past year has been downright riddled with cybercriminals demanding a ransom to unlock seized systems.

The latest unlucky victim of a ransomware breach was the software vendor Kaseya. And according to cybersecurity professionals, including the world’s most famous hacker, Kevin Mitnick, attacks like these are only getting more sophisticated.

In this post, we’re taking a look at what caused this breach, who may be affected, and how companies like yours can avoid the growing threat of ransomware attacks and similar cyber threats:


What Happened?

The Friday before Independence Day weekend 2021, bad actors were hard at work breaching the managed service provider (MSP) software company Kaseya.

True to the nature of a ransomware attack, the cybercriminals froze the IT management software’s business data, demanding $70 million in Bitcoin before they would decrypt the compromised data.

By Monday morning, Kaseya issued a statement sharing that approximately 50 of its direct customers were breached, with the number rising to 60 by late Tuesday. Of the 60 Kaseya clients that were compromised, it’s projected that up to 1,500 downstream businesses may be affected, according to CNBC.

Kaseya anticipated bringing servers back online later in the evening of Tuesday, July 6th, but by Wednesday morning, was still at a standstill. “We have not yet been able to resolve the issue. The R&D and operations teams worked through the night and will continue to work until we have unblocked the release,” Kaseya said in its latest update Wednesday morning. Kaseya has made no comment about whether or not they will pay the Bitcoin ransom to obtain their freedom. 

Emsisoft investigated the malicious software used in the attack and believes the ransomware is yet again the work of an affiliate of the cyber gang REvil, which is believed to operate from Eastern Europe or Russia and is the mastermind behind numerous other ransomware attacks in 2021, including the May JBS attack.


The Implications of the Ransomware Attack

Kaseya provides network and endpoint indicators of compromise (IOCs) as well as detection tools, which its customers (MSPs) use to investigate signs of a security breach. These MSPs offer IT services to small businesses, such as restaurants and accounting firms.

By breaching Kaseya, the hackers’ access trickled downstream to the clients of the software provider’s 60 compromised customers, meaning these cybercriminals may have uncovered a wealth of data across dozens of brands.

According to Yahoo! News, “The Kaseya attack has ricocheted around the world, affecting businesses from pharmacies to gas stations in at least 17 countries, as well as dozens of New Zealand kindergartens.”

With the breach being so new, we’re still unsure of the extent of access the attackers have gained, or what they may do with it.


The Largest Attack to Date: Exploring the Growth of Ransomware

While there have been many other ransomware attacks over the last year, including Garmin and UHS, news outlets and cybersecurity experts are calling this Kaseya breach “the biggest ransomware attack on record.”

What exactly makes this cyber attack different from other ransomware exploits to date? Certainly, this exploit is monumental both in the size of the breach (possibly extending to 1,500+ companies) and in the amount demanded to unlock the files ($70 million).

“That’s an amplification attack,” Kevin Mitnick said in his interview with CNBC, “What these bad actors are doing is, rather than targeting one company at a time, they’re targeting MSPs— because now these MSPs have customers, and so it amplifies the attack. They’re able to monetize this malware in a more expedient way.”

But Kevin believes it’s more than just the reach and ransom that’s earned this breach such high regard. He says it’s more about the growing sophistication of the way bad actors leverage supply chain ransomware attacks at large.

“It’s the tradecraft they use to evade any antivirus tools,” Kevin explains, “The tradecraft that they used to find a zero-day exploit to actually carry out this attack. It’s more of the technical, under the hood. It’s really how they went about deploying the malware.”

Kevin says there are many ways companies must elevate their security posture to keep up with the ever-evolving craft of cybercriminals, but a few key takeaways from his interview include:

  • Look for appliances that create a logical air gap. Can a bad actor manipulate and manage your backups?
  • Always encrypt your files. This way the cybercriminals have a harder time accessing your private data.
  • Invest in cyber insurance. Yes, that’s a thing. This way, if you download ransomware or other malware, you have financial support.
  • Conduct regular penetration testing. Annual pentesting can help detect vulnerabilities in your security infrastructure before the bad actors do.
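The first takeaway above asks whether a bad actor can manipulate your backups. One practical way to answer that question is to record a hash manifest of each backup set and keep it somewhere the backup host cannot write to, then compare the set on disk against that manifest before trusting a restore. The script below is an added example written for this post, not code from Kaseya, Kevin Mitnick, or any vendor; the backup files, paths and the tampering it simulates are all constructed sample data, and the manifest-off-host storage is assumed rather than implemented.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample backup set (not real data from the post).
SAMPLE_BACKUP = {
    "db/customers.sql": b"INSERT INTO customers VALUES (1, 'Example Co');\n",
    "config/app.yaml": b"retention_days: 30\n",
    "docs/notes.txt": b"quarterly review notes\n",
}


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_root: Path) -> dict:
    """Map every file under backup_root (relative POSIX path) to its SHA-256 digest.

    In practice this manifest is written to storage the backup host cannot modify
    (assumption: an offline or write-once location), which is the logical air gap."""
    manifest = {}
    for path in sorted(backup_root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(backup_root).as_posix()] = sha256_file(path)
    return manifest


def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Compare the backup set on disk with a stored manifest.

    Reports files whose contents changed, files that disappeared, and files that
    were not in the original set. Any non-empty list means the set was altered."""
    current = build_manifest(backup_root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def is_intact(report: dict) -> bool:
    """True only when no file was modified, removed or added."""
    return not any(report.values())


def demo() -> tuple:
    """Write the sample set, record a manifest, simulate tampering, and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in SAMPLE_BACKUP.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)

        manifest = build_manifest(root)
        clean_report = verify_backup(root, manifest)

        # Simulated damage from an intruder with write access to the backup share
        # (constructed for the demo): one file overwritten, one deleted, one added.
        (root / "db/customers.sql").write_bytes(b"-- contents replaced --\n")
        (root / "docs/notes.txt").unlink()
        (root / "README.txt").write_bytes(b"unexpected file\n")
        tampered_report = verify_backup(root, manifest)

    return clean_report, tampered_report


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean set intact:", is_intact(clean))
    print("tampered set report:", tampered)
```

The check only has value if the manifest itself is out of the attacker’s reach; if it sits on the same share as the backups, an intruder who can rewrite the files can rewrite the manifest too. Keeping it on write-once storage or a separately authenticated system is what turns the hash comparison into an actual answer to the question in the first bullet.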


5-1/2 Easy Steps to Avoid Cyber Threats

In his interview with CNBC, Kevin spoke at a high level about how to enhance your security, but high-level actions alone won’t stop a breach.

Download our 5-1/2 Easy Steps to Avoid Cyber Threats for some actionable ways to increase your digital security today.
