The most recent ransomware attack on software company Kaseya, which affects thousands of organizations worldwide that rely on the company’s network management software, reached Virginia Tech, where IT administrators have shut down approximately 600 computers around its campus in Blacksburg, Virginia, this week.
According to a statement from the university’s tech department on Wednesday, the affected computers were connected to Kaseya’s VSA software, a platform used by managed service providers and compromised by members of the REvil ransomware gang.
Although Virginia Tech was not a direct target of the cybercriminals, the Kaseya attack had many downstream effects as the malware spread to MSPs and other Kaseya customers, some of whom in turn passed it on to their own customers, as seen in two small towns in Maryland.
Virginia Tech has been a Kaseya customer for several years, with the school’s IT help desk using the VSA platform to provide remote support and distribute software patches, according to a 2018 case study issued by the company.
“As part of Virginia Tech’s immediate response, the Kaseya VSA application has been shut down, effectively stopping any further spread of the ransomware,” the school’s IT department said in the update. “The IT and IT staff in the department have been working to restore data from backups and restore critical systems affected by the security breach as quickly as possible.”
The 600 affected computers are being re-imaged to “remove all traces of the ransomware” and scanned with antivirus software and another program that identifies sensitive data. The IT department also reminded the Virginia Tech student and faculty community to back up their data offline and run anti-virus programs.
Kaseya said at least 1,500 organizations around the world could be affected, although the Russia-based REvil gang, which has been demanding a collective ransom of $70 million in cryptocurrency, has claimed 1 million systems could be affected. The United States has been trying for the past few months to pressure Russia over providing safe haven to non-state cybercriminals like the REvil operators, particularly in the face of other high-profile ransomware attacks against the Colonial Pipeline and meat supplier JBS, the latter of which last month paid REvil affiliates $11 million for a decryption key.
White House spokeswoman Jen Psaki said earlier this week: “If the Russian government cannot or does not want to take action against criminal actors in Russia, we will take action or reserve the right.”