EXECUTIVE SUMMARY:

How would you respond if your clients were suddenly affected by ransomware? This firm stepped up to the plate, serving as an example for other enterprises.

On July 2nd, Dutch technology provider VelzArt fell victim to the Kaseya ransomware attack. VelzArt provides and manages technologies for smaller businesses. After the attack hit, VelzArt worked 24/7 to transport affected clients’ computers back to their corporate headquarters for repair.

VelzArt retains just over 30 employees and represents one of hundreds of organizations affected by the Kaseya ransomware episode. The vast majority of the firm’s clients felt the shock of the Kaseya breach.

VelzArt’s clients

VelzArt elected not to pay a ransom to hackers. Its customers also avoided extortion. On July 2nd, the day of the attack, systems that were switched on between 6pm and 8pm experienced disruptions. The ransomware fully encrypted some systems, while leaving others partially accessible.

After learning of the attack, VelzArt staff hastily fixed client computers over the weekend so that they would function in time for business hours on Monday. Non-VelzArt tech employees from other IT services groups in the Netherlands also lent a hand.

Experts were largely able to restore systems remotely. At this point in time, all client systems are operating normally.

Unlike most firms that experience ransomware attacks, VelzArt blogged extensively about how the attack affected customers. The firm also meticulously detailed the process underway to render clients’ computers functional again. Everyone received a thank you for their help, patience and understanding.

Important lessons from VelzArt

  • Communication. The firm immediately communicated critical information to clients. A variety of communication tools played a role: phone, mail, newsletters. As noted previously, the company’s blog also functioned as an integral element of the communication initiative.
  • Backups. VelzArt states that the affected servers and workstations that it dealt with could be restored from backups without major issues. While restoring from backups takes time, in this instance, it prevented organizations from paying ransoms.
  • Collaborative recovery. In recovering from the Kaseya ransomware attack, VelzArt received help from outside talent. This made the restoration process faster and smoother than it would have been otherwise.

To meet specific management needs for customers, VelzArt started a partnership with Kaseya in 2010. VelzArt was in the process of transitioning to a different remote administration platform when the Kaseya attack struck. However, a handful of its 500 customers still relied on Kaseya’s technologies.

Kaseya attack fallout

Reverberations from the Kaseya attack were felt among supermarket chains, kindergartens, and Swedish train operators, among other groups. The REvil hackers responsible for the attack had initially asked for $70 million in bitcoin from Kaseya as an extortion payment. Later, the hackers aimed to charge individual companies between $100,000 and $500,000.

Ransomware, Information Technology systems

Another IT firm stated that a different ransomware group encrypted their systems and that a $300,000 payment was requested for file restoration. The hackers involved leveraged the Conti strain of ransomware, and they do not appear to be affiliated with the REvil gang. Is the IT sector the next focal point for a wave of cyber attacks?
