While most of us were barbecuing and watching fireworks over the 4th of July weekend, cybercriminals were busy carrying out a ransomware attack that has affected thousands of organizations. The attackers themselves claim that more than 1 million computers were hit. When the dust settles we will have a better idea of how widespread the attack really was, but one thing is already clear: the fallout will be far-reaching.

What Happened

The REvil ransomware gang has claimed responsibility for a massive cyber attack against the software company Kaseya. Kaseya VSA, the company's remote monitoring and management (RMM) software, is used by managed service providers (MSPs) to administer their customers' systems, and that is what gave the attack its reach: a single compromised VSA server could push ransomware to every endpoint it managed. The attack, considered one of the largest ransomware attacks on record, if not the largest, has affected banks, financial services providers, travel and leisure companies, and even public sector organizations.

Analysis so far indicates that the attackers exploited an arbitrary file upload and code injection vulnerability in VSA, and there is high confidence that an authentication bypass was used to get into these servers in the first place. The brazen attack has drawn the attention of the FBI and CISA, who have reached out to identified victims and offered support.

The attack came as researchers from the Dutch Institute for Vulnerability Disclosure (DIVD) revealed that they had already discovered the vulnerability in Kaseya's software, reported it to Kaseya, and that a fix was in progress. The attackers beat them to the punch. In a post on REvil's "Happy Blog", the gang claimed to have infected over a million devices and demanded $70 million in Bitcoin in exchange for a universal decryptor that would let all affected parties recover their files.

Who Was Affected by The Ransomware Attack?

One of the largest grocery store chains in Sweden, Coop, was forced to close most of its roughly 800 locations after the ransomware took down the systems behind its cash registers, leaving stores unable to open and grinding operations to a halt. As most US businesses reopen today after the holiday weekend, more victims are expected to surface.

Kaseya's VSA servers remain offline at the time of writing, and the company says it will issue a timeline for restoration, but that is of little comfort to the businesses hit by this latest in a long stream of ransomware attacks.

An Analysis of The Attack

Based on initial analysis, the attackers deployed a malicious dropper via a PowerShell script that was pushed to managed endpoints and executed through Kaseya VSA itself, so the ransomware arrived over the same trusted channel MSPs use to roll out software and patches.

The script first disabled Microsoft Defender protections (real-time monitoring, script scanning and similar features), then used the certutil.exe utility to decode a malicious executable (agent.exe). That executable drops a legitimate, signed Microsoft binary (MsMpEng.exe, an older version of the Microsoft Defender engine) alongside a malicious library (mpsvc.dll), which is the REvil ransomware itself. MsMpEng.exe loads mpsvc.dll by name from its own directory, so the trusted binary ends up executing the ransomware: this is the DLL side-loading technique (MITRE ATT&CK T1574.002), and it is what lets the payload run under a trusted process name.
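The chain above leaves three distinct fingerprints in endpoint telemetry: a Set-MpPreference command switching Defender protections off, certutil decoding a file, and MsMpEng.exe loading an mpsvc.dll that does not belong to Defender. The following detection pass is an added example written for this article, not code from CPT of Florida, Huntress or Kaseya. It runs those three checks (plus a parent-process context check) over a handful of constructed Sysmon-style process-creation (Event ID 1) and image-load (Event ID 7) records; the records are made up to resemble the chain, not logs from the incident, and the RMM agent binary name AgentMon.exe is an assumption to be adjusted for your environment.

```python
"""Detection pass for the execution chain described above.

Added example, not code from CPT of Florida, Huntress or Kaseya.  Field
names follow Sysmon Event ID 1 (process creation) and Event ID 7 (image
load); the sample records at the bottom are constructed, not real logs.
"""
import ntpath
import re
from dataclasses import dataclass


@dataclass
class Event:
    event_id: int                 # 1 = process creation, 7 = image load
    image: str                    # full path of the process
    command_line: str = ""        # ID 1 only
    parent_image: str = ""        # ID 1 only
    original_file_name: str = ""  # ID 1 only: PE OriginalFilename, survives a rename
    image_loaded: str = ""        # ID 7 only
    signed: str = ""              # ID 7 only: "true" / "false"


# Set-MpPreference switches that turn off Defender's main protections.
DEFENDER_KILL_SWITCHES = (
    "-disablerealtimemonitoring",
    "-disableioavprotection",
    "-disablescriptscanning",
    "-disableintrusionpreventionsystem",
)

# Directories where Windows Defender legitimately keeps MsMpEng.exe / mpsvc.dll.
DEFENDER_DIRS = (
    r"c:\program files\windows defender",
    r"c:\programdata\microsoft\windows defender\platform",
)

# Assumption for this example: the name of the RMM agent binary that runs
# pushed scripts.  Adjust to the agent actually deployed in your fleet.
RMM_AGENT_NAMES = {"agentmon.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}


def _base(path: str) -> str:
    return ntpath.basename(path).lower()


def _dir(path: str) -> str:
    return ntpath.dirname(path).lower()


def check_event(ev: Event) -> list[str]:
    """Return the names of the rules that a single event trips."""
    hits = []
    cl = ev.command_line.lower()

    if ev.event_id == 1:
        # 1. Defender tampering (T1562.001): Set-MpPreference with a kill switch.
        if "set-mppreference" in cl and any(s in cl for s in DEFENDER_KILL_SWITCHES):
            hits.append("defender-tamper")
        # 2. certutil -decode (T1140).  Match on OriginalFileName rather than the
        #    path so a copy of certutil.exe under another name is still caught.
        if ev.original_file_name.lower() == "certutil.exe" and re.search(r"(^|\s)-decode(\s|$)", cl):
            hits.append("certutil-decode")
        # 3. A shell spawned by the RMM agent.  Legitimate RMM scripts do this
        #    too, so treat it as context for the rules above, not as an alert alone.
        if _base(ev.parent_image) in RMM_AGENT_NAMES and _base(ev.image) in SHELLS:
            hits.append("shell-from-rmm-agent")

    elif ev.event_id == 7:
        # 4. DLL side-loading (T1574.002): MsMpEng.exe loading an mpsvc.dll that is
        #    unsigned or lives outside Defender's own directories.
        if _base(ev.image) == "msmpeng.exe" and _base(ev.image_loaded) == "mpsvc.dll":
            in_defender_dir = any(_dir(ev.image_loaded).startswith(d) for d in DEFENDER_DIRS)
            if ev.signed.lower() != "true" or not in_defender_dir:
                hits.append("msmpeng-sideload")
    return hits


def analyze(events: list[Event]) -> list[tuple[int, str]]:
    """Run every rule over every event; return (event index, rule name) pairs."""
    return [(i, rule) for i, ev in enumerate(events) for rule in check_event(ev)]


# Constructed sample telemetry resembling the chain described in the article.
SAMPLE_EVENTS = [
    # RMM agent launches PowerShell that switches Defender off.
    Event(1, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          command_line="powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true "
                       "-DisableIOAVProtection $true -DisableScriptScanning $true -Force",
          parent_image=r"C:\Program Files (x86)\Kaseya\AgentMon.exe",
          original_file_name="PowerShell.EXE"),
    # certutil copied under a different name and used to decode the dropper.
    Event(1, r"C:\Windows\cert.exe",
          command_line=r"C:\Windows\cert.exe -decode c:\kworking\agent.crt c:\kworking\agent.exe",
          parent_image=r"C:\Windows\System32\cmd.exe",
          original_file_name="CertUtil.exe"),
    # Dropped Defender engine loads an unsigned mpsvc.dll sitting beside it.
    Event(7, r"C:\Windows\MsMpEng.exe", image_loaded=r"C:\Windows\mpsvc.dll", signed="false"),
    # Benign baseline: the real Defender engine loading its own signed mpsvc.dll.
    Event(7, r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.5-0\MsMpEng.exe",
          image_loaded=r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.5-0\mpsvc.dll",
          signed="true"),
    # Benign baseline: an admin listing a certificate store, no -decode.
    Event(1, r"C:\Windows\System32\certutil.exe", command_line="certutil.exe -store My",
          original_file_name="CertUtil.exe"),
]

if __name__ == "__main__":
    for index, rule in analyze(SAMPLE_EVENTS):
        print(f"event {index}: {rule} ({SAMPLE_EVENTS[index].image})")
```

The benign baselines matter as much as the hits: Defender really does load mpsvc.dll from its Platform directory, and administrators really do run certutil, so the rules key on the combination (unsigned or misplaced DLL, the decode switch, the parent chain) rather than on the binary names alone. In production, the parent-process rule should be correlated with the other three within a short time window rather than alerting on its own, since an RMM agent spawning PowerShell is exactly what MSPs use it for.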

Huntress has been hard at work discerning the source and method of the attack. Huntress has high confidence that the attackers used an authentication bypass in the Kaseya VSA web interface to obtain an authenticated session, then uploaded the original payload and executed commands via SQL injection. Huntress is also investigating whether the attackers compromised a legitimate web server and used it as a launchpad for the attack.

How CPT of Florida Utilizes Huntress to Protect you Against Similar Ransomware Attacks

CPT of Florida has partnered with Huntress to provide a best-in-class security platform.

Huntress finds and stops hidden threats that sneak past preventive security tools, so you can protect your customers from today's determined cybercriminals. Huntress provides the hands-on support and expertise needed to identify and stop advanced cyber attacks. The cyber-safety net deployed by Huntress is an essential part of managed detection and response, and it guards against ransomware like the attack described above.

You can trust that CPT of Florida will protect your customer’s valuable data, increase your operational efficiency, guard against ransomware attacks and provide industry-leading cybersecurity expertise.  

Contact CPT of Florida for Best-in-Class Managed IT Services

At CPT of Florida, we are a premier managed service provider in Florida. Our clients depend on us to keep them secure online, so we take the fight to the attackers. When a threat is identified we jump into action with a detailed plan that, with one click, can deploy automated response actions so you can respond to ransomware attacks as quickly as possible. Contact us today to speak to one of our cybersecurity specialists. Visit our contact us page or call us at 954-963-2775 today.

 
