The Kaseya ransomware nightmare is almost over, according to headlines. A recap: a massive ransomware attack hit a bunch of MSPs on July 2, and it trickled down to more than 1,500 businesses. The attackers asked for $70 million, dropped their demand to $50 million, then went offline, so even if a victim wanted to pay the ransom ($45,000-$5,000,000 per business), there was no way to do it.
What did people do? What would any reasonable businessperson do? They did their best to rebuild their databases and restore their systems with information from whatever backups they had.
Fast forward to this week. Kaseya says it obtained the universal decryptor from a “trusted third party.” This would have been awesome a couple of weeks ago, but after spending two weeks putting your world back together… what good is it?
Certainly some of the lost data was not rebuildable or replaceable, so there might be some instances where it still makes sense to unfix the fixes and spend the time and money to put everything back together. But two weeks in, most of the victims have crafted workarounds or figured out how to get back in business without the stolen files.
No matter how you look at this, it was a massive financial burden to every victim. Today is a great day to have a chat with your team and go over your business resiliency and business continuity plan. If you get hit with a ransomware attack this afternoon, what happens? Who gets notified and in what order? Who initiates the restore protocols? How many hours, days, or weeks of backups are available? Which servers go back online first and in what order? And on, and on.
This type of attack is becoming commonplace, and there’s no excuse for not being ready. Please feel free to reach out if you want to review your workflow and processes, or if you need additional resources.
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it.