Auxiom Logo Outsmart Chaos Gold

Kaseya Supply Chain Ransomware Attack – Cybersecurity News

Cybersecurity News

Auxiom’s CEO Matt Loria was a guest on WJR NewsTalk 760 on Tuesday, July 6, 2021, to talk about the recent Kaseya Ransomware Attack. Technology firm Kaseya says that around 1,500 businesses were impacted as a result of an attack on its Remote Device Management software.

Listen as Matt goes into more detail about what the ransomware attack was, what the cybercriminals went after, his thoughts on how attacks like this should be handled, how they can trickle down, and what you can do to guard against an attack like this.

Learn more about Kaseya Ransomware Attack the attack here.

(or read the entire transcript below)

You can listen to Matt’s interview with WJR NewsTalk 760 here:

Matt Loria on WJR NewsTalk 760 July 6, 2021 by Auxiom
  • Matt Loria on WJR NewsTalk 760 July 6, 2021

Read the transcript of Matt Loria’s interview with Kevin Dietz regarding the Kaseya Ransomware Attack now:

Kevin Dietz @ WJR NewsTalk 760
This recent attack on Kaseya is the largest attack on record and is now demanding $70 million to restore data that they are holding hostage. The ransomware attack is likely affecting thousands of targets and hundreds, hundreds of US companies. The attack is linked to the same Russian group, which extorted $11 million from meat processor JBS earlier this year, president Biden avoided directly accusing Russia until a probe of the attack is complete, but he did say the US would respond if it is determined that the Kremlin is at all involved in this particular attack. Joining us now is Matt Loria CEO of Auxiom. Welcome to the show, Matt.

Matt Loria @ Auxiom
Hi Kevin. Thanks for having me.

Kevin Dietz @ WJR NewsTalk 760
Uh, yeah, this is a massive problem that, uh, people are going to have to pay attention to because it keeps coming back. Tell us about this attack, which company was under attack and what did they do?

Matt Loria @ Auxiom
Okay. Uh, well this attack, I mean, luckily it’s not one on the general public, however, it, it will certainly affect the general public, but this attack was on a company called Kaseya and a tool that they make that, that allows companies like mine, and also, IT departments all across every, you know, every type of company there is out there, to be able to fix your computer, to be able to remotely monitor and manage, manage your computer, we call these RMM tools. So you might recognize this when you call the help desk and you say, “Hey, I can’t figure this out on my computer.” And the person says, “Oh, let me remotely connect to your computer, Kevin.” And it’s, it’s that type of software that was affected.

Kevin Dietz @ WJR NewsTalk 760
And then they must have just hundreds of clients then, and somehow they were able to, uh, get control or lock users out.

Matt Loria @ Auxiom
Oh yeah, this one, actually, they have hundreds of thousands of, of clients. Actually, there they’re one of the, one of the top three RMM tool providers out there. There’s, there’s three of them out there, and this is one of the biggies. But this is considered what’s called a “supply chain attack”. So what, what these guys did here is they, they basically used Kaseya as the waypoint into all these hundreds of thousands, if not millions of end computers that are, that are owned by these companies.

Kevin Dietz @ WJR NewsTalk 760
And so, what is the impact on these companies that work with Kaseya?

Matt Loria @ Auxiom
Well right now, what we know is, is that let’s say your company worked with Kaseya, your computer could quite frankly be locked down, your individual computers. So, they didn’t attack the servers here. They attacked the end computers, which means these things are actually bricks until, until either the ransom is paid or the, the code is cracked to get back into them. Or the other option is that the IT departments basically rebuild each of those individual computers.

Kevin Dietz @ WJR NewsTalk 760
And when you say you, you mean the company. So, all of their clients, now ultimately could be impacted or that business itself can’t business until it solves this problem.

Matt Loria @ Auxiom
You bet. So, you know, if your radio station was one of the, one of the customers of Kaseya, you know, quite possibly every computer in your organization could be, could be locked down at this point.

Kevin Dietz @ WJR NewsTalk 760
And I know Kaseya went to the White House and reported this as happening, they’ve been asked to come up with $70 million, but they’ve also, my understanding is this ransomware operation has told individual companies that do business with Kaseya that they could pay their own fine or fee or ransom, however you wanna describe it, and they would individually unlock, specific companies that would pay ransom. And, and it seems like this is something that companies are deciding. It might be less expensive and easier to pay the ransom then to be, to have their business shut down.

Matt Loria @ Auxiom
Yeah. I mean, it’s a, you know, it’s a dollars and cents decision there, right? That that these companies are tasked with, but just a month or so ago, the US government came out and said, you know, that they’re not endorsing that companies actually would pay ransoms any longer. So for the longest time, the insurance companies, the FBI and individual companies were, were all suggesting that they could just pay the ransom and move on. And that’s not the stance any longer.

Kevin Dietz @ WJR NewsTalk 760
And so, if you’re a customer of Kaseya, I mean, you, you trust that they’re going to be able to protect you and your information. And you’re sort of, you’re sort of stuck. You didn’t do anything wrong necessarily, but here you are in the middle of this massive ransom. Do you encourage Kaseya to pay it, or do you, uh, encourage the White House and president Biden to, to take a more aggressive approach and in solving this problem where, I mean, what do you do if you’re a business and you’re just stuck in the middle.

Matt Loria @ Auxiom
Yeah. I mean, that’s a tough one. I mean on the larger scale, certainly this is like being attacked by, you know, by invaders. So, absolutely I would, I would suggest that the government has to take a very firm stance and also has to jump in to help with the remediation of these types of attacks. But also, you know, it’s on the companies like, you have to have the right type of security and to be constantly, constantly checking and having third parties check into the efficacy of their security. So, it’s kind of like everything with security. It’s always a multi-pronged approach. You know think about it at your house. You have a door, but you also have door locks, and then you have an alarm. So, it’s not a one size fits all, or a single answer that gets us to the remedy.

Kevin Dietz @ WJR NewsTalk 760
And you said, while this isn’t necessarily impacting the general public – it could be, and also this is reported as the largest ever, I mean, that’s gotta be a pretty massive number for, for them to throw out large stuff. We’ve heard about so many huge, attacks and ransomware attacks.

Matt Loria @ Auxiom
Yeah. This one, I mean, if you think about it, Kaseya estimated they are servicing about a million end points. So they’re saying this could be, if you look at $45,000 per endpoint, that the bad guys are looking for, I mean, this could be a $45 billion endeavor for them. So I would say that yeah, judging by what I’ve read and what I know about the industry, this is the biggest one.

Kevin Dietz @ WJR NewsTalk 760
Wow. And eventually can this trickle down to the general public, this particular attack?

Matt Loria @ Auxiom
Yeah, sure. Because, you know, think about anything that you might buy or any company that you might interact with, you know if you’re a bank, or if you’re a grocery store or whomever, right. That the general public may interact with, you know, it’s using this tool, which by the way, it’s not a bad decision for them to have been using this tool. This is one of the top three. But, you or me as an end-user or as a, as a customer of those companies, we can certainly be affected. So the trickle down is there, so while it didn’t necessarily take out an individual’s PC, you know and the only effect of the companies, certainly we could all see all the ripples of that.

Kevin Dietz @ WJR NewsTalk 760
Wow. And I guess since we’re talking about the general public, what are some of the things we should be doing? Even though this particular attack was that was towards companies? What are some of the things we should be doing to protect our own personal information? How can we, you know, have best practices, I guess, in keeping our information secure?

Matt Loria @ Auxiom
Yeah. Good, great question. You know, like I said, security is something that performs best in layers. And so a few different things. I mean, any system that you have access to that offers a dual factor authentication, that little thing where they say, “we’re going to send you a text with a code plus your password.” So that’s something, which is your password versus something you have, which is the little key that they text you or send you, having that enabled on any system possible. Please do that. Also, having a good antivirus system, we recommend one called Web Root because it’s a behavior based antivirus system that basically looks at things and says, “boy, that’s weird, but let’s block it,” instead of just looking for a known definition. And then back up. Everybody’s heard about backup, have your systems backed up, whatever’s important to you back it up, whether it’s your pictures, your email and whatnot.

And don’t assume that just because you use Microsoft office, or because you use Google that they’re backing up your information. You have to be a good steward of your data and you have to employ a third-party software for that, so there’s – folks can reach out, we can guide them along that, but, and if you’re a business, you MUST have cyber liability and cyber theft insurance coverage. It is an absolute must, is not a nice to have it’s a must because you’re going to get hit eventually.

Kevin Dietz @ WJR NewsTalk 760
All right, Matt Loria CEO of Auxiom. Thanks for your time today.

If you are a business owner or manager and would like to learn more about steps you can take to keep your business systems and data safe, check out Auxiom’s Cybersecurity Solutions now.

You can listen to other WJR NewsTalk interviews here and here.
Auxiom is The Gold Standard in Business IT. Led by IT industry veterans with a passion for providing people-focused IT Solutions. Auxiom is a world-class provider of Managed IT Services, IT outsourcing, IT consulting, cloud computing, hosted applications, and other advanced business technology solutions. We help clients remove IT issues and security concerns with solutions, services, proactive planning, and budgeting.

Author

Related Posts

Tipping the Scales on Remote Legal Services

Key insights from IBM’s 2023 Cost of a Data Breach Report and the American Bar Association’s guidance on data breach preparation, offering crucial information for law firms to protect client data and efficiently respond to potential breaches.

Read More »