Largest Ever Ransomware Attack Strikes 1,500 Businesses
Recently a ransomware group, operating under a ransomware-as-a-service model, found an authentication bypass vulnerability in Kaseya’s platform that allowed them to log in without any credentials. Kaseya is a U.S.-based software company that develops software for managing networks, systems, and information technology infrastructure. After gaining access, the ransomware group began a sophisticated attack that allowed them to interfere with the Kaseya update process, similar to the SolarWinds hack in 2020. During the software update process, the malicious ransomware code was deployed to Kaseya MSP (Managed Service Provider) clients and ultimately to end-users. About 1,500 companies in total were compromised, all from one attack. To date, it is the largest ransomware attack of all time.
Kevin Mitnick, who has made the FBI’s Ten Most Wanted list and has twice been convicted and jailed for cybercrimes but is now a trusted security consultant, called the attack super sophisticated. The attackers’ ability to evade antivirus while also exploiting a zero-day vulnerability to distribute across networks at scale supports Mitnick’s classification.
The attack took place over the long 4th of July weekend as hackers likely assumed many IT security desks would be short-staffed. Many industries were targeted including finance, legal, healthcare, and even defense contractors and federal entities.
Ransomware is an increasingly common method of attack for hackers against individuals, SMBs, and enterprises alike. While the first incidents of ransomware were discovered as early as 2005, the last three years have seen this type of threat explode in popularity and compromise millions of computers and mobile devices around the world.
The traditional advice for defending against these types of attacks includes persistent reminders to educate users, perform regular software updates, and back up all critical devices. These are all great best-practice rules to live by, but they provide only a minimal, first level of defense against an advanced attack. Experts also agree that a layered approach to security is key to an active defense against ransomware. WatchGuard Total Security Suite, available with all Firebox appliances, provides strong defenses against advanced malware and ransomware. Security controls included in the Total Security Suite, such as WebBlocker, APT Blocker, and Host Ransomware Prevention, help to detect and prevent common methods of ransomware attacks.
The Host Ransomware Prevention (HRP) feature of Threat Detection and Response enables industry-leading prevention against ransomware attacks. HRP blocks the execution of ransomware before any file encryption on the endpoint takes place, mitigating the attack before any data is lost or damage is done.
APT Blocker is a dynamic sandboxing solution that provides detailed visibility into and analysis of malware execution. If a file has never been seen before, it is detonated in a virtual environment to analyze its behavior and determine the threat level, protecting against advanced malware and zero-day threats.
If you are ready to take the next step in securing your data and systems, contact us; we’re here to help. To learn more about the attack, check out the WatchGuard webinar hosted by CSO Corey Nachreiner and Technical Security Operations Manager Marc Laliberte. They cover the attack timeline, technical details on the vulnerabilities exploited, and what you can do to further protect your data from similar attacks.