Hundreds of companies, including 11 kiwi schools were affected by a ransomware cyber attack that uses a tool from a software company called Kaseya. The Kaseya ‘VSA’ tool is used by small and medium-sized companies to manage Information Technology functions like, patching, updates, monitoring and remote maintenance.
The cyber criminals somehow managed to hijack the tool and started encrypting the files of customers in this ransomware cyber attack. This is an example of how one successful ransomware attack on a single company can spread to hundreds of unsuspecting organisations globally.
Ransomware is malicious software that encrypts/locks a victim’s computer until a ransom is paid, typically in Bitcoin cryptocurrency. Ransomware can also spread through a business network leaving a path of encrypted destruction.
According to the NZ Herald, a ministry spokesperson said that 11 schools out of 2400 may have been affected by the ransomware attack and that they are working with those schools to support them. St Peter’s College in Cambridge and the Whānau Manaaki Kindergarten group are among those impacted.
Kaseya issued a statement that warned customers about the attack and the need to immediately stop their services to the tool. They also said they may have found the source of the vulnerability and were releasing a patch as quickly as possible to get customers back up and running.
The company has continually posted alerts since Friday and released a self-assessment ‘Compromise Detection Tool’ to almost 900 customers to scan and find affected areas.
‘We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links — they may be weaponized’
CertNZ warns NZ users of Kaseya VSA to shut down services until further notice.
The Ministry of Education’s website offers helpful guidance on protecting schools from cyber attacks. ‘Successful cyber-attacks can result in either permanent loss or public exposure of, important or sensitive information, as well as ongoing disruption to school business while recovering from a cyber-attack.’
The ministry encourages the following actions to reduce the risk:
- Back up important data from the school network regularly.
- Phishing emails and telephone scams – ensure your staff and school community are aware and vigilant.
- Update your software and devices when patches become available.
- Install antivirus software on your devices.
- Only use a secure connection to access your school’s network remotely.