Small businesses don’t always believe that they are targets for hackers. Just because you think the information you own isn’t that valuable, that information has value to someone who is willing to pay for it. So, how does this relate to the Kaseya security breach?
About the Kaseya Security Breach
Kaseya is a leading provider of IT and cybersecurity solutions for managed service providers (MSPs) and small- to medium-sized businesses (SMBs). On the weekend of July 4th, a hacker group called REvil hacked Kaseya. Kaseya immediately responded by shutting down access to the compromised software.
Kaseya was the main target of REvil’s ransomware attack. However, Kaseya’s attack quickly spread through its supply chain. Also, it affected the MSPs who used Kaseya’s software to service clients. Kaseya says they believe the breach affected 50 of their direct customers and compromised between 800-1,500 businesses.
This attack will be costly, but it’s unknown if Kaseya or small businesses will carry the brunt of it. Initially, REvil was asking MSPs for a ransom of $5 million for a decryption tool and a $44,999 ransom from each of their customers.
Here’s the twist.
This $44,999 ransom was for unlocking files within the same extension, but many victims owned encrypted files with multiple file extensions. REvil claimed to encrypt over 1 million systems using a custom decryption key. Their universal decryptor’s price tag dropping from $70 million to $50 million during negotiations with Kayesa.
What This Means for Businesses
The majority of these MSPs’ customer base are SMBs who have outsourced their IT support. Many of these SMBs have less than 30 employees and include dental offices, small accounting offices, and local restaurants. Said Bryson Bort, founder and CEO of Scythe, remarked that any operation, no matter the size, is a cyber threat target. This is especially true if they’re within a supply chain network.
Small businesses have another scary fact to consider: 60% of small businesses close their doors within 6 months of a breach. Plus, ransomware costs (like downtime and efforts to fix their systems) can add up quickly, which can harm small businesses.
The Takeaway from the Kaseya Breach
The Kaseya breach shows any company is vulnerable to a cyberattack, either directly or indirectly by a third-party provider. For small businesses, take care by asking your partners about their cybersecurity best practices. In addition, CISA and the FBI have made the following tips to Kaseya end-users affected by this attack:
- Ensure backups are current and stored with easy access in a location that is air-gapped from the company’s network;
- Return to a manual patch management process that follows your vendor’s cybersecurity guidelines, including installing new patches as soon as they become available;
- Use MFA and PoLP on key network resources and admin accounts.