Written by Benjamin Freed
Two small towns in Maryland appear to be the first local governments known to be affected by the REvil ransomware attack against software maker Kaseya as the compromise of one of the company’s products has spread downwards.
The cities of Leonardtown and North Beach, both on Chesapeake Bay, confirmed this week that their computers and networks have been disabled, with some city services being disrupted. In North Beach, city officials said they became aware of network problems around 12:30 p.m. last Friday, around the time news of the Kaseya incident unfolded.
“After contacting our IT service provider, the city employees immediately took action and switched off the network server and all workstations.” read a press release from the town town. “The city of North Beach was discovered Friday night by a ransomware attack. The attack came from third-party software called Kaseya, which is installed on the city’s systems and used by our IT service provider to remotely manage computer systems. “
The notice informed residents of the community of approximately 2,000 people that the water system, phone system, backup server and website were not affected. Officials also said there is still no evidence that data has been stolen, but the incident is still under investigation. REvil, like many ransomware syndicates, often grabs its victims’ data and threatens to reveal it if a claim is not paid.
In Leonardtown, which experienced a network outage around the same time as North Beach, the ransomware attack delayed the distribution of quarterly electricity bills to the city’s roughly 2,900 residents, according to a Press release Tuesday by Laschelle McKay, the city manager. Local residents also cannot access the city’s online payment site.
“Shut everything down,” said McKay The Washington Post.
Hackers behind the global ransomware strike tracked Kaseya’s VSA platform, which is used by managed service providers around the world, who in turn support organizations – such as small businesses and local authorities – that outsource their IT functions. Ransomware attacks targeting MSPs can have a downstream impact, as seen in August 2019when nearly two dozen communities across Texas were simultaneously hit by a cyber attack.
Neither Leonardtown nor North Beach have their own IT staff, and officials in both cities said they have no direct supplier-customer relationship with Kaseya.
Leonardtown sources its IT services from a company called JustTech, which is based in La Plata, Maryland and has approximately 3,000 customers for its managed IT and printing services across the Mid-Atlantic region.
North Beach officials said they expect their computer systems to be restored in about a week. McKay, the Leonardtown administrator, told StateScoop that JustTech restored city government internet service Thursday morning and that its systems, including electricity billing, should be back up and running within 24 hours of it.
McKay’s Tuesday note stated that “no ransom will be paid.” The REvil hackers demanded a global ransom of $ 70 million in cryptocurrency from the Universe of Victims, a group that includes one Swedish supermarket chain and Schools in New Zealand.
Kaseya said Tuesday it is believing about 1,500 organizations worldwide are affected by the ransomware attack.
#Maryland #Cities #Affected #Kaseya #Ransomware #Injury #StateScoop