Kaseya customers ransomware attack
-
@pete-s said in Kaseya customers ransomware attack:
The timing of the attack can't be a coincidence.
Not likely, no. These attacks are planned for times when people are less likely to be around to mitigate things quickly.
-
It's not only the US that is hit. Due to affected POS systems, 800 supermarkets in Europe are also shut down.
-
Well this is becoming a fine mess rather quickly.
How much business will Kaseya lose in the fallout?
-
The real problem I think is not to protect yourself from ransomware - I don't think that is possible. Not with zero-day exploits and the amount of places where an organization can be attacked.
The real problem is the recovery.
"In many cases, backup servers are also targeted during network-based ransomware attacks highlighting the importance of a regularly tested offline backup and recovery strategy."
From Cisco Talos:
https://blog.talosintelligence.com/2021/07/revil-ransomware-actors-attack-kaseya.html
-
@pete-s said in Kaseya customers ransomware attack:
The real problem is the recovery.
I disagree. Your company being shut down due to ransomware is absolutely avoidable when you don't use technology, infrastructure design, and security practices that are incredibly prone to it in the first place.
-
@obsolesce said in Kaseya customers ransomware attack:
@pete-s said in Kaseya customers ransomware attack:
The real problem is the recovery.
I disagree. Your company being shut down due to ransomware is absolutely avoidable when you don't use technology, infrastructure design, and security practices that are incredibly prone to it in the first place.
It's not that simple. Let me provide you with some info from FBI's cybersecurity team (IC3):
"As ransomware techniques and malware continue to evolve and become more sophisticated, even the most robust prevention controls are no guarantee against exploitation. This makes contingency and remediation planning crucial to business recovery and continuity. Those plans should be tested regularly to ensure the integrity of sensitive data in the event of a compromise."
So of course you have to do what you can to prevent cyberattacks. But I think businesses have to be really prepared for a total restore of all their systems from offline backup. If they're not, it's going to take a VERY long time to recover. Like weeks or months.
Then when something happens, you of course HOPE that you don't really need to restore everything. And that not all of your systems have been affected.
Problem is that when something serious happens, you need to shutdown everything. Because you don't know what is affected and what is not. So even an attack that is limited and only affects a part of your infrastructure, will cause downtime and cost money.
-
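As an added example (editor-added, not code from any participant in this thread or from Kaseya, Cisco Talos or the FBI): the post above argues that a tested offline backup is what actually gets you back up, and the Talos quote notes that backup servers themselves get hit. A restore test is only meaningful if you can tell whether the backup set you are restoring from is still the data you wrote. The script below builds a hash manifest of a pristine tree, then checks a restored copy against it and flags files that changed, went missing, or now look encrypted. The entropy threshold (7.5 bits/byte) and the sample files are assumptions constructed for the demo.

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path

# Assumption: a file whose byte entropy is above this looks encrypted or
# compressed. Plain text sits around 4-5 bits/byte; ciphertext is close to 8.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def build_manifest(root) -> dict:
    """Map each relative file path under root to (sha256 hex digest, size).
    Store this manifest with the offline backup, not on the backed-up host."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            rel = p.relative_to(root).as_posix()
            manifest[rel] = (hashlib.sha256(data).hexdigest(), len(data))
    return manifest


def verify_restore(manifest: dict, restored_root) -> dict:
    """Compare a restored tree against the manifest taken at backup time.

    Returns lists of files that verified, changed, went missing, and, among the
    changed ones, those whose content now looks like ciphertext."""
    restored_root = Path(restored_root)
    report = {"verified": [], "changed": [], "missing": [], "high_entropy": []}
    for rel, (digest, size) in sorted(manifest.items()):
        p = restored_root / rel
        if not p.is_file():
            report["missing"].append(rel)
            continue
        data = p.read_bytes()
        if len(data) != size or hashlib.sha256(data).hexdigest() != digest:
            report["changed"].append(rel)
            if shannon_entropy(data) > ENTROPY_THRESHOLD:
                report["high_entropy"].append(rel)
        else:
            report["verified"].append(rel)
    return report


def demo() -> dict:
    """Constructed scenario: manifest a pristine tree, then verify a copy in
    which ransomware overwrote one file and deleted another."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "source"
        restored = Path(tmp) / "restored"
        # Constructed sample files, not real data.
        files = {
            "notes.txt": b"quarterly planning notes, nothing fancy\n" * 20,
            "docs/report.txt": b"incident timeline, draft\n" * 50,
            "db/backup.sql": b"INSERT INTO orders VALUES (1, 'widget');\n" * 100,
        }
        for tree in (src, restored):
            for rel, data in files.items():
                p = tree / rel
                p.parent.mkdir(parents=True, exist_ok=True)
                p.write_bytes(data)
        manifest = build_manifest(src)
        # Simulate ransomware reaching the backup copy: one file encrypted
        # in place (random bytes stand in for ciphertext), one file deleted.
        (restored / "docs/report.txt").write_bytes(os.urandom(4096))
        (restored / "db/backup.sql").unlink()
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}: {paths}")
```

The point of keeping the manifest off the protected host is that an attacker who can rewrite your backup set can usually rewrite a manifest stored next to it too; the check only catches tampering if the digests came from somewhere the attacker could not reach. Running this against a scratch restore on a schedule is the "tested regularly" part of the quoted advice.
-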
@pete-s said in Kaseya customers ransomware attack:
@obsolesce said in Kaseya customers ransomware attack:
@pete-s said in Kaseya customers ransomware attack:
The real problem is the recovery.
I disagree. Your company being shut down due to ransomware is absolutely avoidable when you don't use technology, infrastructure design, and security practices that are incredibly prone to it in the first place.
It's not that simple. Let me provide you with some info from FBI's cybersecurity team (IC3):
"As ransomware techniques and malware continue to evolve and become more sophisticated, even the most robust prevention controls are no guarantee against exploitation. This makes contingency and remediation planning crucial to business recovery and continuity. Those plans should be tested regularly to ensure the integrity of sensitive data in the event of a compromise."
So of course you have to do what you can to prevent cyberattacks. But I think businesses have to be really prepared for a total restore of all their systems from offline backup. If they're not, it's going to take a VERY long time to recover. Like weeks or months.
Then when something happens, you of course HOPE that you don't really need to restore everything. And that not all of your systems have been affected.
Problem is that when something serious happens, you need to shutdown everything. Because you don't know what is affected and what is not. So even an attack that is limited and only affects a part of your infrastructure, will cause downtime and cost money.
I agree a company should always have a backup of the data needed to run the business. That's just an "of course" thing. But that's not what I'm talking about at all...
-
We used to use Kaseya (well, our MSP did). Now on Datto RMM.
-
@pete-s said in Kaseya customers ransomware attack:
So of course you have to do what you can to prevent cyberattacks. But I think businesses have to be really prepared for a total restore of all their systems from offline backup. If they're not, it's going to take a VERY long time to recover. Like weeks or months.
Of course. But that's been the case for forever. It's just called "having backups." That's why everyone keeps pointing out that it is ransomware exposing just how many companies were running with only their live data and no actual backups.
-
@pete-s said in Kaseya customers ransomware attack:
The real problem I think is not to protect yourself from ransomware - I don't think that is possible. Not with zero-day exploits and the amount of places where an organization can be attacked.
Not entirely, of course not. But you can do a LOT to make ransomware dramatically less likely (nearly all attacks use the same handful of vectors, all of which are legacy artefacts), and make it ineffective (have backups). You can't stop it, but you can make yourself a worthless target.
-
@pete-s said in Kaseya customers ransomware attack:
It's not only the US that is hit. Due to affected POS systems, 800 supermarkets in Europe are also shut down.
Only 500 out of 800, I thought.
-
@jaredbusch said in Kaseya customers ransomware attack:
@pete-s said in Kaseya customers ransomware attack:
The timing of the attack can't be a coincidence.
Not likely, no. These attacks are planned for times when people are less likely to be around to mitigate things quickly.
That's a big part of the strategy. They even talk about that in the general media, about how many of the security teams are given holidays and won't bother being available if their company or customer is attacked during a holiday.
-
@scottalanmiller said in Kaseya customers ransomware attack:
@pete-s said in Kaseya customers ransomware attack:
The real problem I think is not to protect yourself from ransomware - I don't think that is possible. Not with zero-day exploits and the amount of places where an organization can be attacked.
Not entirely, of course not. But you can do a LOT to make ransomware dramatically less likely (nearly all attacks use the same handful of vectors, all of which are legacy artefacts), and make it ineffective (have backups). You can't stop it, but you can make yourself a worthless target.
Also, another big thing @Pete-S might not be considering is that restoring from backup typically means there will be guaranteed data loss. When you use legacy tech and practices, it most certainly means your backups are not up to date at every microsecond of the day. So when you do get ransomware (because you definitely will when your focus is on the wrong thing regarding ransomware), and you have to restore, you'd better hope all your data was just backed up 1 microsecond ago, that it only took 1 microsecond to perform the backup, and that it's inaccessible to ransomware. Otherwise, you are losing data anyway.
You can totally avoid ransomware by not focusing on backups as a way to avoid ransomware. All you have to do is not use anything that is vulnerable to it. Some people find that very hard to understand, despite how easy it is to do. Ransomware is a legacy tech concern, not a modern one.
-
@obsolesce said in Kaseya customers ransomware attack:
Ransomware is a legacy tech concern, not a modern one.
What do you mean by modern? Are you talking about running kubernetes in the cloud or something else that would not be subject to ransomware?
-
@obsolesce said in Kaseya customers ransomware attack:
You can totally avoid ransomware by not focusing on backups as a way to avoid ransomware. All you have to do is not use anything that is vulnerable to it. Some people find that very hard to understand, despite how easy it is to do. Ransomware is a legacy tech concern, not a modern one.
Well, EVERYTHING is subject to it, lol. There's no type of workload that isn't. Anything that is stored on disk can be compromised. And all data has to be stored.
Some things are just asking to get compromised. Some things are super hard. Some things are really valuable to compromise. Some things are worthless. But nothing anywhere is completely immune.
-
@pete-s said in Kaseya customers ransomware attack:
@obsolesce said in Kaseya customers ransomware attack:
Ransomware is a legacy tech concern, not a modern one.
What do you mean by modern? Are you talking about running kubernetes in the cloud or something else that would not be subject to ransomware?
That would be. Even a totally stateless system (what purpose would that ultimately serve) theoretically will still be impacted, if only a little. But there's no such thing as a totally stateless system. Even the most stateless server still has to pull its install image, Docker image, whatever from some kind of stateful system. Ransom that system and you have a big impact even to a system that doesn't seem to store any data at all.
-
@scottalanmiller said in Kaseya customers ransomware attack:
Well, EVERYTHING is subject to it, lol.
Obviously. I'm saying for all intents and purposes.
-
@pete-s said in Kaseya customers ransomware attack:
@obsolesce said in Kaseya customers ransomware attack:
Ransomware is a legacy tech concern, not a modern one.
What do you mean by modern? Are you talking about running kubernetes in the cloud or something else that would not be subject to ransomware?
I'm not talking about any specific product, e.g. K8s... Even with that, you could still implement poor data storage using legacy practices and technologies.
Think about it.
What important company data is being ransomware'd? Where is this data? How is the data presented? How did ransomware affect it? What technologies were used to provide and/or host the data?