The REvil ransomware attack on Kaseya’s VSA product is estimated to have affected over 1,000 companies globally, but the impact on UK organisations currently appears limited.
The UK’s National Cyber Security Centre (NCSC) has issued a statement in the wake of the supply chain attack on management software provider Kaseya, which has impacted more than 1,000 businesses globally. So far, the impact on UK businesses is “limited,” the NCSC said, adding that their “work is ongoing and [they] remain vigilant to any threats.”
“We are actively working to fully understand this incident and mitigate potential risks to the UK,” NCSC said. “We encourage Kaseya customers to read the company’s incident update page, which recommends that people who have been affected do not click on any links emailed to them by the attackers as they could be malicious.”
Updates on the Kaseya attack
On its incident update page, Kaseya shines some light on the extent of the impact: “To date, we are aware of fewer than 60 Kaseya customers, all of whom were using the VSA on-premises product, who were directly compromised by this attack. While many of these customers provide IT services to multiple other companies, we understand the total impact thus far has been to fewer than 1,500 downstream businesses. We have not found evidence that any of our SaaS customers were compromised.”
Kaseya adds that it has received no new reports of compromises for VSA customers since Saturday 3 July and that it is working to get a patch out to customers.
“The patch for on-premises customers has been developed and is currently going through the testing and validation process,” writes Kaseya on its update page. “We expect the patch to be available within 24 hours after our SaaS servers have been brought up. The current estimate for bringing our SaaS servers back online is July 6 between 2:00 PM – 5:00 PM EDT. These times may change as we go through the final testing and validation processes.”
Growing threat of supply chain attacks
The Kaseya attack is not the first example of a prolific ransomware group targeting a software provider to infect a vast number of other organisations. In December 2020, a group believed to be Russia’s Cozy Bear gained access to government and other systems through a compromised update to SolarWinds’ Orion software. Such incidents are likely to become more common as companies entrust more significant elements of their services to third parties and suppliers. This highlights the growing need for early supply chain threat detection capabilities and ransomware preparedness within businesses.