1. The Ransomware Attack ‘Cyber-Pandemic’

Global systems integrator and consulting firm Accenture confirmed this week that it was the victim of a ransomware attack, launched by a hacker group using a strain of ransomware called LockBit and reportedly threatening to release company data and sell insider information.

Accenture said the attack had no impact on the company, saying it had successfully identified and contained the attack and isolated the affected servers. But the hackers, in a Dark Web posting, ominously said: “If you’re interested in buying some databases, reach us.”

The attack on Accenture was just the latest in a growing wave of ransomware attacks – and what’s become the biggest news story of 2021, so far.

On July 2 IT service management vendor Kaseya took all SaaS instances of its VSA remote monitoring and management tool offline, citing a “potential attack” against some VSA customers. The company also posted a notice on its website recommending that customers immediately shut down their VSA servers.

That was the beginning of what would prove to be one of the biggest ransomware attacks in years. The REvil gang, exploiting a vulnerability in the on-premises VSA software, compromised some 50 MSPs and encrypted end-customers’ data. The attackers demanded ransom payments from more than 1,000 victims, $50,000 from smaller companies and $5 million from larger ones – $70 million in total.

The attack put additional focus on the growing threat of ransomware. Ransomware caught the attention of the general public in early May when a ransomware attack against Colonial Pipeline resulted in gas shortages in the Southeast. Ransomware hacks have been increasing over the last several years with attacks against IT systems operated by hospitals and county and local governments.

Closer to the channel, ransomware attacks have been launched against solution providers, systems integrators and managed service providers – the latter against remote monitoring and management tools like Kaseya’s VSA.

Kaseya VSA remained offline for about 10 days, causing disruption for MSPs and their clients and eliciting an apology from CEO Fred Voccola. The company issued a patch and restarted its servers on July 12. But the blowback has continued with reports that the company had warnings about the VSA vulnerability and reports that Kaseya employees had warned management of the potential danger.