ST. LOUIS – Hundreds of companies across the country are still under attack by ransomware after a cyber attack involving Kaseya, an IT management software company. The group behind the attack is demanding $ 70 in Bitcoin to unlock files for all victims.

While it is reported that between 800 and 1500 Kaseya customers are affected, the number is believed to be even higher. The attack affected Kaseya software used by managed services providers (MSPs). For each of the affected MSPs, several clients are also affected by the ransomware.

Blade Technologies of St. Louis, Missouri, is one of those MSPs. Scott Schaffer, chief information security officer at Blade Technologies, says such attacks often happen on holiday weekends when there are fewer people in the office. That was the case with the SolarWinds injury last year.

Schaffer said the alleged perpetrator of the attack was someone who worked with REvil, a company that sells software to perpetrators. He says you may never know who is behind the real threat, but it definitely came from REvil’s software.

Schaffer says the group behind the attack compromised a “zero-day” bug in the Kaseya Agent Monitor. This is a bug that nobody knew existed, not even Kaseya. Once the agent monitor was breached, a file was placed on a computer in a directory that was not scanned by malware detection software.

He says the attackers then execute an order to disable the defenses so that the attack goes undetected. The attackers then run another command to install the encryption software and the wallpaper on the computer changes and a ransom note is displayed.

Schaffer says the most important thing your company or organization can do when outsourcing network monitoring to an MSP is asking them how they are protecting your information.

He says don’t ask this just once, ask it often. Schaffer says any MSP who gets it right will welcome this question.

Kaseya is updating its customers on its website, and the Chief Technology Officer recently briefed customers on what to do next. You can see the updates here.

.

Source link
#Kaseya #Ransomware #Attack #Protect #Business #Simple #Question #Simple

Leave a Reply