Largest Ever Ransomware Attack Strikes 1,500 Businesses

Posted July 13, 2021

Recently a ransomware group, utilizing ransomware-as-a-service, found an authentication bypass or vulnerability in Kaseya’s platform that allowed them to log in without any credentials. Kaseya is a U.S. based software company that develops software for managing networks, systems, and information technology infrastructure. After gaining access, the ransomware group began a sophisticated attack that allowed them to interfere with the Kaseya update process — similar to the SolarWinds hack in 2020. During the software update process, the malicious ransomware code was then deployed to Kaseya MSP (Managed Service Provider) clients and ultimately to end-users. About 1,500 companies in total were compromised all from one attack. To date, it is the largest attack of all time.

Kevin Mitnick, who has made the FBI’s 10-most Wanted List and has twice been convicted and jailed for cyber crimes but is now a trusted security consultant, called the attack super sophisticated. The ability of the attackers to evade antivirus while also exploiting a zero-day vulnerability to allow network distribution at scale supports Mitnick’s classification.

The attack took place over the long 4th of July weekend as hackers likely assumed many IT security desks would be short-staffed. Many industries were targeted including finance, legal, healthcare, and even defense contractors and federal entities.

Ransomware is an increasingly common method of attack for hackers against individuals, SMBs, and enterprises alike. While the first incidents of ransomware were discovered as early as 2005, the last three years have seen this type of threat explode in popularity and compromise millions of computers and mobile devices around the world.

The traditional advice in defending against these types of attacks includes persistent reminders to educate users, perform regular software updates and back up all critical devices. All great best-practice rules to live by, but these tips only provide a minimal, first level of defense against an advanced attack. Experts also agree that a layered approach to security is key to an active defense against ransomware. WatchGuard Total Security Suite, available with all Firebox appliances, provides strong defenses against advanced malware and ransomware. Security controls included in the Total Security Suite, such as WebBlocker, APT Blocker, and Host Ransomware Prevention, help to detect and prevent common methods of ransomware attacks.

The Host Ransomware Prevention (HRP) feature of Threat Detection and Response enables industry-leading prevention against ransomware attacks. HRP blocks the execution of ransomware before any file encryption on the endpoint takes place, mitigating the attack before any data is lost or damage is done.

APT Blocker is a dynamic sandboxing solution providing detailed visibility and analysis into the execution of malware. If the file has never been seen before, the files are detonated in a virtual environment to analyze the behavior and determine the threat level, protecting against advanced malware and zero-day threats.

If you are ready to take the next step in securing your data and systems, contact us we’re here to help. To learn more about the attack, check out the WatchGuard webinar hosted by CSO Corey Nachreiner and Technical Security Operations Manager Marc Laliberte. They cover the attack timeline, technical details on the vulnerabilities exploited, and what you can do to further protect your data from similar attacks.

Kevin Willette

Kevin Willette is Partner / CEO of Verus Corp. His focus is ensuring complete customer satisfaction and providing as much or as little support as is needed for the individual client. Kevin knows that plenty of places do IT services, but what sets Verus Corp apart is the local feeling and the commitment to doing things right the first time. He has always wanted to be a business owner because it affords him the opportunity to offer a service that was better than anything clients had seen before. His true goal is to help customers make their businesses better by removing potential IT barriers. Kevin served as chair for Habitat for Humanity during his time at Minnesota State University, Mankato. He has also served on the WatchGuard Advisory Council since 2016. Kevin’s work with Verus Corp has helped them achieve awards as the WatchGuard Partner of the Year and Cisco Select Partner. Kevin graduated from Minnesota State in 2000 with a major in Business Marketing and minors in Business Administration and Music.