In July of 2021, Kaseya, a Florida-based software provider that provides Remote Management Monitoring, reported ransomware attacks against its end users. The REvil ransomware group claimed responsibility for stealing/encrypting over a million users’ data. Since Kaseya is used in companies across the country, this was a lucrative attack affecting a large population, spelling a bigger payoff for the hacking group. The response by users of the software was to immediately disconnect, and rightfully so.
Ransomware attacks are on the rise, with dozens of large-scale attacks stealing data, encrypting it, and offering the encryption key as a “ransom” for a hefty sum, likely totaling millions, if not billions, of dollars.
What’s interesting is that this attack and recent ones shatter popular conceptions about how hackers work. Here’s what makes this attack different:
This isn’t the old popup malware of the 2000s where low-level hacking occurred. Back then the defense was basic antivirus software and good judgment. This is organized cybercrime. It shatters the stereotypes of an automated lone wolf hacker in a basement buying cheap hacking programs. The group that hacked Kaseya was organized, well-funded, and sold their data to third parties for financial gain. Underestimating this reality is a security mistake, and companies need to be ready with the best cybersecurity available to keep their data secure.
Groups are hacking, then selling to third parties for ransoming
It’s a business now to hack and sell the data to third-party buyers on the black market. That’s where the hackers make their money, and it reduces liability at some level. What this means is that the group asking for a ransom is likely not the group that hacked and stole the data. Often the end users are notified by third parties asking for a ransom in exchange for their now encrypted data. If no air gap measure has been taken, then companies have no other choice for recovering their hacked data, and ransoms can easily get into the millions.
Set up fail-safes outside of even the most credible software
Active measures need to be taken. PEN testing, ethical hacking, professional oversight of data management, and up-to-date cybersecurity measures are all necessary to truly ensure a company’s data is secure. Data is now worth millions since it’ll likely be ransomed for that amount, and it needs to be treated as such. Cyber insurance can offset the costs, but no company wants to risk getting to the point of negotiating a ransom with an insurance company and the hacker who’s ransoming the data.
The takeaways are clear. Hacking has evolved, and it is an even greater menace to vulnerable companies. Businesses should secure their data beyond the regular measures of antivirus software, and there should always be an air gap available. The leverage a hacker has cannot be overstated: they have all your data, it’s encrypted, and there’s no copy of it if air gap measures haven’t been taken.
BNC can help get your business secure. We provide IT services in Denver, Dallas, and Austin, and can audit your security, run PEN tests on your system looking for vulnerabilities, and provide solutions on being secure and ready for ransomware attacks like at Kaseya. BNC provides on-site and remote support from a dedicated IT engineer. Get in touch with BNC today to see if we can help.