Small businesses don’t always believe that they are targets for hackers. Even if you think the information you hold isn’t that valuable, it has value to someone who is willing to pay for it. So, how does this relate to the Kaseya breach?
Yes, Kaseya was the initial target of the REvil group’s ransomware attack, but that attack quickly spread through the supply chain, affecting the MSPs who used Kaseya’s software to service clients. In a press release, Kaseya says that they believe the breach affected 50 of their direct customers, with somewhere between 800 and 1,500 businesses having been compromised.
The majority of these MSPs’ customers are SMBs that have outsourced their IT support. Many of these SMBs have fewer than 30 employees and include dentists’ offices, small accounting offices and local restaurants. Said Bryson Bort, founder and CEO of cybersecurity company Scythe: “There’s nobody that’s too small to be attacked, and as supply chain attacks like this show, a whole bunch of those small companies can be swept into the same net.”
Small businesses that suffer a breach also have another scary statistic to think about: 60% of small businesses go out of business within 6 months of a breach. Ransomware costs, as well as downtime and efforts to restore systems, all add to the breach cost, which can be crippling for a small business.
This breach will be costly, but it remains to be seen whether Kaseya or small businesses will bear the brunt of it all. Initially, REvil was asking MSPs for a ransom of $5 million for a decryption tool and a $44,999 ransom from each of their customers. However, the $44,999 demand was for unlocking files with the same extension, and many victims were encrypted with more than one file extension. REvil has also offered to negotiate with Kaseya for a universal decrypter for $50 million, down from an initial demand of $70 million.
As you can see, the Kaseya breach shows that any enterprise, big or small, can be affected by a cyberattack, directly or indirectly through a third-party service provider. If you run a small business, do your due diligence by asking your partners about their cyber security best practices. In addition, CISA and the FBI have made the following recommendations to Kaseya end users affected by this attack:
- Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organizational network;
- Revert to a manual patch management process that follows vendor remediation guidance, including the installation of new patches as soon as they become available;
- Implement MFA and the principle of least privilege on key network resources admin accounts.
If you have questions about the Kaseya breach, or third party security, please don’t hesitate to contact Quick Intelligence.