Kaseya Ransomware Attack: Impact In Calgary

A recent ransomware attack targeting Kaseya products in use by MSPs could put you at risk — do you know if your IT company in Calgary uses Kaseya products?

Does Your Calgary  IT Company Run Kaseya Products?

The Kaseya Ransomware Attack And It’s Impact In Calgary

A recent ransomware attack targeting Kaseya products in use by MSPs could put you at risk.

Do you know if your IT company in Calgary uses Kaseya products?

This past weekend, notorious cybercrime group REvil targeted Kaseya’s remote monitoring VSA platform with ransomware. The resulting infection spread from Kaseya to the many Managed Services Providers (MSPs) that use it, as well as their clients.

If you’re unsure whether your Calgary IT company uses Kaseya for remote monitoring, you need to find out.

Please note: CTECH Consulting clients are not affected by this ransomware attack. We do not use Kaseya products of any kind, and so, our client base is unaffected. 

What Is Kaseya VSA?

This cloud-based management and monitoring solution is designed for businesses of any size and in any industry. A popular solution, Kaseya VSA is used by many MSPs, allowing them to efficiently and effectively remotely monitor and maintain their clients’ IT environments.

What Is An MSP?

Managing an internal IT team is not always an option for a given business — doing so can be cost-prohibitive and time-consuming. That’s why many choose to outsource their IT support with an MSP.

In addition to handling support requests, MSPs help support strategic initiatives as they monitor, manage, and maintain the network and all information systems connected to it. For those with internal technology people or teams, an MSP lightens the load by protecting the business against the risks involved with overworked resources.

How Did This Attack Occur?

REvil targeted thousands of Kaseya users in a supply chain attack by exploiting a flaw in the software. Thanks to an advisory sent out by Kaseya and CISA, the damage from the attack was greatly limited, but it still affects as many as 30 MSPs and 300 businesses.

As a result of the infection, REvil was able to:

  • Remotely breach workstations and servers
  • Steal confidential and sensitive information
  • Install malware
  • Add new accounts
  • Delete valuable  data
  • Remove administrative access for key users
  • Hold businesses hostage

In the long run, this attack will likely result in extensive data loss for the affected businesses, long-lasting downtime, and high costs for recovery. Case in point: a grocery store chain affected by the attack has had to close down 800 stores while they deal with the infection.

How Should You Respond To This Attack?

It’s extremely important that you determine whether your business or MSP uses Kaseya products. If so, there are a few actions you can take that will potentially limit the damage:

  • Disconnect any devices and systems that are still connected to Kaseya VSA
  • Check your to ensure they are working properly and cannot be overwritten
  • Secure your networks using an IDS/IPS application tool
  • Implement a Next-Generation Endpoint Detection and Response Solution
  • Follow Kaseya’s recommendations including searching any Indicators of Compromise(IoCs)

If you have been affected by this attack and need expert assistance, get in touch with the CTECH Consulting team right away. 

How Can You Protect Your Business From Ransomware?

If reading about ransomware attacks like this one makes you wonder if your business is vulnerable to security breaches and cybercriminal attacks, don’t wait until you are attacked to come up with a plan.

When you’re not sure if you have the skills or knowledge to get the job done, what can you do? Consult with cybersecurity professionals like those on the CTECH Consulting team.