Feds share guidance for those affected by Kaseya ransomware attack

Jackie Drees

Federal authorities are recommending that organizations affected by the July 2 ransomware attack on IT management software company Kaseya implement a slew of protections to remediate the issue. 

The FBI and the Cybersecurity and Infrastructure Security Agency released guidance July 4 in response to the ransomware attack, which the REvil ransomware gang is using to try to extort $70 million from Kaseya, according to the Wall Street Journal. About 50 of the company's customers have been compromised by the attack, and 40 of them are managed service providers. Security experts estimate that at least 200 companies in the U.S. have been affected, according to Newsweek.

In the guidance, the FBI and the federal cybersecurity agency recommend that managed service providers and their customers download the Kaseya VSA detection tool, which analyzes a system and determines whether there are any indicators of compromise. 

The agencies also advised victims to enable multifactor authentication for every account under Kaseya's control and to limit communications with remote monitoring and management capabilities to known IP address pairs. 

"This attack once again demonstrates that our cyber adversaries are conducting highly researched and strategic attacks targeting ubiquitous technology service providers that provide broad access to the initial targets and their customer base," said John Riggi, senior adviser for cybersecurity and risk at the American Hospital Association, according to a July 6 hospital association report. "It is incumbent upon all of us to implement and maintain risk-based vendor risk management programs, which identify mission critical business associates, their dependencies and any business associate, software or service that has elevated network access and privilege."

Copyright © 2024 Becker's Healthcare. All Rights Reserved.