‘Left Unchecked, The Worst Is Yet To Come’
Even as MSP platform provider Kaseya grapples with the largest ransomware attack in history, Huntress CEO Kyle Hanslovan says that “left unchecked, the worst is yet to come.”
In fact, Hanslovan (pictured), who has become a high-profile advocate for better security policies and procedures in the MSP community, said he expects to see more of the REvil ransomware that has impacted 50 MSPs and more than 1,000 customers.
“I think we are going to see this even more in the future,” said Hanslovan, whose 100-member team has been working around the clock since Friday afternoon helping MSPs and customers impacted by the Kaseya attack. “It is REvil today. But there are a dozen other ransomware as a service groups that will copy this.”
Huntress called Kaseya within 30 minutes of the REvil attack on Friday afternoon to help counter the cybercriminal organization. At that time Kaseya shut down their VSA servers. “Imagine if instead of it being 30 MSPs it was 17,000 MSPs,” said Hanslovan. “That is what I am talking about. Left unchecked, the worst is yet to come.”
REvil is “dangerously efficient,” said Hanslovan, noting the attackers targeted MSPs to lock up the data of thousands of customers in one fell swoop. “It shows how innovative they are to use the supply chain to maximize their bang for the buck. They are quite business savvy. Why go one computer at a time, one company at a time, when you can do one to many? I think this incident highlights their business savvy.”
Hanslovan, whose company helped connect MSPs that provided much-needed technicians to help those colleagues impacted by the Kaseya attack, pointed out that other MSP vendors including ConnectWise and N-able have also in the past faced highly publicized attacks. “The MSP community needs to hold vendors responsible for better code quality,” he said.
Last but not least, there needs to be more cooperation among the MSP community and vendors to gather threat intelligence, said Hanslovan. “We are pulling that information centrally and pouring it into the FBI’s hands so they can take action,” he said. “We are hoping for more of that community-wide effort of knowledge sharing, transparency and rallying is what is needed.”
What follows is an edited portion of CRN’s interview with Hanslovan.