The latest ransomware attack on Kaseya Virtual System Administrator (VSA) is estimated to cause havoc to thousands of businesses, including small and medium enterprises. The ransomware attack will also affect veterinary practices and is already causing damage to the IT infrastructure of these practices that were running the Kaseya VSA.
Background of the Kaseya VSA attack
On July 3rd, news reports started streaming in that at least 200 US organizations had been compromised by a ransomware attack. The reports attributed the attack to a Russian cybercriminal gang known as REvil, the same gang that attacked JBS meatpackers last month and extorted $11 million from them.
Kaseya VSA is commonly used by Managed Service Providers (MSPs), i.e., IT companies, in the US and the UK and, according to its website, has over 40,000 clients. It was compromised using a supply chain auto-update attack. This happened after users tried to update their systems to the latest version. The process was intercepted by the REvil cybercriminals, who were then able to run their ransomware script during the auto-update.
The effectiveness of the attack was a result of how MSPs work. By design, they have administrator rights on their clients' systems, meaning that once Managed Service Providers are infected, they end up infecting their clients' systems as well. This has resulted in thousands of computer systems being infected by the ransomware.
According to DoublePulsar, the ransomware is delivered through a fake Kaseya VSA update, which helps the REvil cybercriminal gang gain access to your system. Once they gain access, the cybercriminals revoke administrator access to the VSA platform and add a new task called “Kaseya VSA Agent Hot-fix” to the system.
The fake update is then deployed across all computer systems, including the systems of clients and veterinary hospitals of the IT companies using Kaseya tools.
Why should veterinary practices be concerned?
Chances are that if you have a computer network and use managed services such as remote access tools to access devices such as printers, you have come across Kaseya products. It is also possible that you are consuming Kaseya VSA products through third-party Managed Service Providers without being aware of it.
The latest attack on Kaseya VSA also meant that businesses, veterinary practices, and individuals connected to compromised computer systems running Kaseya stood to be compromised by the same ransomware.
Because supply chain attacks allow ransomware to propagate itself and push through to as many computer systems as possible, your veterinary practice's computer systems may be at risk. Reports also indicated that the Kaseya VSA ransomware attack was attempting to tamper with other products on computer networks to look for vulnerabilities and continue to spread throughout the network.
Statement from Kaseya
Upon realizing that their systems had been compromised, the company publicly admitted it. They went on to reassure their customers that they were working on establishing the root cause of the incident.
In the meantime, they urged all their customers, including other Managed Service Providers that used Kaseya VSA, to immediately shut down their servers while they worked to rectify the ransomware issue.
The statement also indicated that the company had managed to intercept the problem at the onset and had therefore prevented much more damage. They also indicated that they had identified the source of the attack and were working on releasing a patch for their software products.
Veterinary practices takeaways from the Kaseya VSA attack
The attack on Kaseya offers us a glimpse of what a large-scale ransomware attack will look like for small and medium veterinary practices.
Take the case of Sweden’s largest grocery chain, Coop, which became a victim of the Kaseya attack and temporarily closed almost all of its 800 stores countrywide. The grocery chain was infected because it was using services from an online company, Visma EssCom, which also provides managed services to more than 200 companies in 20 countries. Because of the attack, all these companies were warned by Visma EssCom that they could not use their services and cash registers because they had been compromised by the ransomware.
Through no fault of their own, Visma EssCom customers had fallen victim to a cyberattack resulting from supply chain services and software.
For veterinary practices and practice owners, this means having your data backups up to date and a ready policy on what to do after a ransomware attack. The Kaseya attack and the profile of the businesses that the REvil gang was going after were also an indication of a change of tack, where small and medium businesses whose systems were affected were being asked to pay upwards of $40,000 to get their systems back.
It is also a wake-up call for practice owners to take note of the escalating war waged by cybercriminals and the lengths they are willing to go to in order to make money.
The biggest takeaway from the Kaseya VSA attack, however, is that for many, the success of the attack was unavoidable and the cybersecurity compromise was through no fault of their own. For victims who had not backed up their data, had no anti-malware installed on their systems, and had no policy on what to do during and after an attack, the consequences have been dire for their IT infrastructure.
Having a trusted IT security expert for your veterinary practice can be the only way to come out of such an attack unscathed or with minimal damage. For veterinary practices that have been compromised by the Kaseya VSA attack, consulting an IT expert to deal with the attack may be the panacea for your problems.
What can you do to protect yourself and your veterinary hospital?
As the White House stated in June 2021, make sure to test your IT team's security work and backups. It’s no longer good enough to say “Our IT guy has us covered.” You need to make sure you are covered and that you can get out of an attack.
Have Lucca check your health status. Don’t have the time or the insights to make sure that you are protected in the event your IT guy gets hacked? Have Lucca perform a cyber security audit to give you insights into your current weaknesses and gaps. Schedule your FREE consultation call today to learn more.