But today is not that day.
Kaseya: Roughly 1,500 businesses hit by REvil ransomware attack
Kaseya makes remote management software for Managed Service Providers (MSPs), companies hired to manage systems and servers for businesses that can't be bothered to manage their own. (How's that working out?)
Now that isn't a problem, as long as the MSPs and their customers and the software vendors all get things right.
Things are not as bad as they could have been.
Of the approximately 800,000 to 1,000,000 local and small businesses that are managed by Kaseya’s customers, only about 800 to 1,500 have been compromised.
Though the REvil group is claiming that a great many more businesses have been encrypted.
And the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have provided guidance: CISA, FBI share guidance for victims of Kaseya ransomware attack.
This is the bit that caught my attention.
- Enable and enforce multi-factor authentication (MFA) on every single account that is under the control of the organization, and—to the maximum extent possible—enable and enforce MFA for customer-facing services.
- Implement allowlisting to limit communication with remote monitoring and management (RMM) capabilities to known IP address pairs.
There are more recommendations, but I can't quote the whole thing.
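One way to act on the second recommendation is to audit who actually talks to the RMM endpoints against a source/destination allowlist. The script below is an added example, not from the post or from the CISA/FBI guidance; the log format, addresses, networks and ports are all constructed for illustration.

```python
# Added example: audit RMM connection records against a (source network, destination) allowlist.
# All addresses, ports and the log format are constructed for illustration.
import ipaddress
import re

# Constructed allowlist: which management networks may reach which RMM endpoint.
ALLOWLIST = [
    ("203.0.113.0/28", "198.51.100.10"),  # MSP NOC range -> RMM server
    ("203.0.113.0/28", "198.51.100.11"),  # MSP NOC range -> RMM backup server
    ("192.0.2.50/32", "198.51.100.10"),   # single jump host -> RMM server
]

# Constructed log shape: "<time> <ACTION> <proto> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+$"
)

def build_allowlist(entries):
    """Parse (network, host) strings into ipaddress objects once, up front."""
    return [(ipaddress.ip_network(n), ipaddress.ip_address(h)) for n, h in entries]

def pair_allowed(src, dst, allowlist):
    """True only when this exact source/destination pair is covered by an entry."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in net and d == host for net, host in allowlist)

def find_violations(log_lines, allowlist):
    """Return (ts, src, dst) for every permitted connection the allowlist does not cover."""
    violations = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m or m["action"] != "ALLOW":
            continue  # malformed record, or traffic the firewall already blocked
        if not pair_allowed(m["src"], m["dst"], allowlist):
            violations.append((m["ts"], m["src"], m["dst"]))
    return violations

SAMPLE_LOG = [  # constructed records
    "2021-07-02T14:01:00Z ALLOW tcp 203.0.113.5:51000 -> 198.51.100.10:8443",
    "2021-07-02T14:01:05Z ALLOW tcp 192.0.2.50:51001 -> 198.51.100.10:8443",
    "2021-07-02T14:02:10Z ALLOW tcp 198.18.7.9:44021 -> 198.51.100.10:8443",   # unknown source
    "2021-07-02T14:02:11Z DENY tcp 198.18.7.9:44022 -> 198.51.100.11:8443",
    "2021-07-02T14:03:00Z ALLOW tcp 203.0.113.5:51002 -> 198.51.100.12:8443",  # known source, wrong host
]

if __name__ == "__main__":
    for ts, src, dst in find_violations(SAMPLE_LOG, build_allowlist(ALLOWLIST)):
        print(f"{ts} RMM connection outside allowlist: {src} -> {dst}")
```

Anything the script reports is either a gap in the firewall rules (the connection should have been denied) or a gap in the allowlist itself, and both are worth a ticket.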
If you are not already following these guidelines, multi-factor authentication included, start now. What's that you say? It is "inconvenient"? Really? How inconvenienced do you think these victims of ransomware feel right now?
The details are somewhat horrifying. Kaseya required that all the directories it used be excluded from antivirus/anti-malware scanning. That is probably why they were targeted: the bad actors could do what they wanted, knowing they wouldn't be detected.
And I've seen at least one story that the company knew about the breach shortly before the ransomware was unleashed but didn't warn people.