Kaseya ransomware attack affecting Kiwi Schools – Hundreds of companies were affected by the ransomware cyberattack that used a tool from a software company called Kaseya. The Kaseya ‘VSA’ tool is used by small and medium-sized companies to manage Information Technology functions such as patching, updates, monitoring and maintenance.
The Ministry of Education released a statement earlier this week and confirmed that the number of schools affected was lower than initially identified. According to the statement:
- There are two schools that have the Kaseya software installed, but it’s been dormant for some time.
- There are seven schools that use the software but have no evidence of the attack and they have shut down the impacted services.
- Two schools have confirmed they use the software and have been impacted by ransomware. They have taken steps to contain the issue, but there is no evidence of data loss at this stage.
- One childhood provider uses the software and has taken precautionary measures.
Ransomware is malicious software that encrypts or locks a victim’s computer until a ransom is paid, typically in bitcoin cryptocurrency. Ransomware can also spread through a business network, leaving a path of encrypted destruction.
How does this ransomware attack work?
Interested in how this cyberattack works? This SophosLabs video explains and demonstrates the REvil ransomware orchestrated through Kaseya.
Who is behind the attack?
The group of Russian hackers behind this cyberattack call themselves REvil and are demanding USD70 million to unlock the computers impacted through the Kaseya software. The hackers exploited several vulnerabilities in the Kaseya VSA software and were able to distribute ransomware to Kaseya's customers.
How is Kaseya helping customers?
Kaseya has maintained an up-to-date news feed on its website. As of today, the software company has updated the ‘runbooks’ for customers to prepare for the rollout and restoration of service. The runbook helps affected customers prepare for an upcoming patch release. Schools affected by the Kaseya ransomware attack can use the runbooks to eradicate and contain the incident.
What should Kiwi businesses do?
CERT NZ urged Kiwi businesses to stop using the tool until Kaseya issues instructions on how to safely restart services.
The Ministry also encourages the following actions for schools to reduce the risk of a cyberattack:
- Back up important data from your school network regularly.
- Phishing emails and telephone scams – ensure your staff and school community are aware and vigilant.
- Update your software and devices when patches become available.
- Install antivirus software on your devices.
- Only use a secure connection to access your school’s network remotely.