Ransomware is one of the biggest security concerns for almost all organizations today. Ransomware is a piece of malware that encrypts the files on a user’s system and demands some sort of payment to unlock the files. While we can deal with ransomware on a small scale by doing system restores and saving data in the cloud, it is almost impossible to keep an organization running with the data locked out.
Most ransomware attacks have a financial motive. Some of the most recent ransomware attacks are the Kaseya ransomware attack, which impacted thousands of small and medium-sized businesses, the CD Projekt Red ransomware attack, and the ransomware attack on the Buffalo Public School system.
When attacked by ransomware, companies either have to pay the amount to get a decryption program or let go of all the encrypted data. The attackers usually threaten to release the data on the internet if the organization doesn’t pay the money. However, there is no guarantee that the data won’t be released even if the organization does pay the demanded sum.
Kaseya Ransomware Attack
Kaseya is an IT solutions provider for multiple managed service providers. On July 2nd, 2021, the organization was hit with a supply chain ransomware attack encrypting multiple files essential to keep thousands of businesses running.
As of now, around 800-1500 small-medium-sized companies are impacted through their managed service providers. Kaseya has been handling the incident rather well for the past month.
The organization notified all its customers to shut down their servers to keep administrative access. Customers were notified through multiple channels, such as messages and emails. The organization also shut down all its software-as-a-service servers. Moreover, all the data centers also went offline to protect the remaining data from ransomware.
Kaseya Attackers
The cyberattack on Kaseya was not a random job. The infamous REvil/Sodinokibi group claimed responsibility for the attack on its dark web blog. REvil was identified as the attacker in numerous other ransomware attacks in the past year. Financial gain seems to be the primary motive of the group.
The group demanded a ransom of 70 million dollars in bitcoin to deliver the universal decryptor key to unlock all the files. Even though there appeared to be some negotiations at first, the sum remained unchanged on the REvil blog on the dark web.
On July 22nd, Kaseya released a key to decrypt all the ransomware-affected files. However, there are no sources on how Kaseya obtained this key. The organization mentioned that the key comes from a trusted third party.
Even though the sources are unclear, experts speculate that the ransom must have been paid to obtain the key. Kaseya’s teams are actively helping customers recover from this sophisticated ransomware attack.
Conclusion
Ransomware is one of the most sophisticated and complex cyberattacks to execute. The Kaseya ransomware attack left many customers with encrypted files. However, the organization did obtain a key and is actively working towards resolving the situation.