
Kubernetes Protection Extended in AWS by Redstor

Redstor, a data management and SaaS protection company, has introduced a new service aimed at changing how managed and cloud service providers (MSPs and CSPs) handle Kubernetes installations on AWS. Amazon Elastic Kubernetes Service (Amazon EKS), a managed container service for handling applications in the cloud or on-premises, has been added to the firm’s offering, allowing partners to scale client backups and eliminate the need for multiple, non-unified solutions.

Backups have traditionally not been built for modern, container-based applications, forcing service providers to use separate Kubernetes solutions to back up not only apps but also configurations, according to Redstor. The company hopes to integrate such processes with its new extension, removing the need for disparate solutions to be bolted together.

According to Redstor, service providers will benefit from the ability to quickly restore a Kubernetes environment by injecting data back into an existing cluster for fast resolution of ransomware, accidental or malicious deletion, or misconfiguration, while managing multiple accounts with a single solution designed specifically for cloud partners.

Redstor’s backup empowers users with easy scalability and ongoing maintenance, unlike other extremely sophisticated services that need error-prone scripting. There’s no necessity to move between interfaces. All the features give MSPs a better chance to achieve large margins quickly at scale, stated Redstor’s chief product officer, James Griffin.

CompTIA Members offer assistance to victims of Ransomware Attacks

CompTIA, the non-profit association for the information technology (IT) industry and workforce, announced a number of initiatives to assist IT companies affected by the global ransomware outbreak.

CompTIA member organisations are assisting and supporting other IT companies and, through them, the customers who have been affected by the ransomware attack.

MJ Shoer, senior vice president and executive director of the CompTIA ISAO, said, “Within hours of the attack being discovered more than three dozen members of the CompTIA Information Sharing and Analysis Organization (ISAO) offered assistance, including driving or flying to impacted companies to provide additional ‘boots on the ground,’ as well as sharing communications, incident response strategies, technical support and other resources.”

CompTIA is creating a Rapid Response Team, comprising internal and member resources, to assist any IT firm that is the victim of a cyberattack, whether or not they are a CompTIA member.

In addition, the CompTIA ISAO’s Cyber-Forum is giving near-real-time updates on the attack, with the information open to the entire industry, not just ISAO members.

“This was a global attack impacting companies around the world, reminding us that we face unprecedented threats from cyberattacks, unlike any threat we have collectively faced in the past. That is why it is critical that we engage in an active discourse that discourages ‘cyber-shaming’ and encourages public and private organizations to come forward immediately and share as much threat intelligence as possible to limit the damage of these attacks and to ward off future incursions,” Shoer said.

“Kaseya just holds the unfortunate distinction of being the company attacked, even as they were working on closing down the very vulnerability that the attackers used,” he said. “Kaseya is to be commended for their transparency throughout this attack.”

REvil Ransomware Cyberattack, The Year’s Biggest Cyberattack on Kaseya Ltd: FBI, CISA Offer Guidance

The REvil cybergang claimed responsibility for the large ransomware attack on managed service provider Kaseya Limited. The attack is huge and is considered the single largest worldwide ransomware attack this year. Financial services, tourism, retail and government computer systems in several nations are all affected. The attackers claim to have infected 1 million Kaseya-connected computers and are seeking $70 million in bitcoin in exchange for a decryption key. The number of enterprises affected is estimated to be in the thousands, according to federal authorities.

The attack is massive and considered the single biggest global ransomware attack on record. Affected are financial services, travel and leisure and public sector computer systems located across many countries.

The infamous cybergang REvil claimed responsibility for the attack in a message posted to a hacker site on Sunday. The message was as follows:

“On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is 70 000 000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour. If you are interested in such deal – contact us using victims “readme” file instructions.” – REvil.

The gang (also known as the Sodinokibi ransomware group) has been operating since April 2019, when the GandCrab cybergang split, according to a detailed investigation of the REvil attack by Kaspersky. “REvil ransomware has been advertised on underground forums for three years and it is one of the most prolific Ransomware as a Service (RaaS) operations,” researchers wrote.

Later, Deputy National Security Advisor Anne Neuberger issued a statement saying that US President Joe Biden had “directed the full resources of the government to investigate this incident” and urging anyone who believes they have been hacked to contact the FBI.

In related news, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) of the United States offered support to those affected by the massive cyberattack.

“We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya’s guidance to shut down VSA servers immediately. As always, we stand ready to assist any impacted entities,” according to a security alert.

“If you feel your systems have been compromised as a result of the Kaseya ransomware incident, we encourage you to employ all recommended mitigations, follow guidance from Kaseya and the Cybersecurity and Infrastructure Security Agency (CISA) to shut down your VSA servers immediately and report your compromise to the FBI.”

Kaseya helpdesk stated –

“On Friday, July 2nd, Kaseya received reports from customers and others suggesting unusual behavior occurring on endpoints managed by the Kaseya VSA on-premises product.  Shortly thereafter, customer reports indicated that ransomware was being executed on endpoints.  In light of these reports, the executive team convened and made the decision to take two steps to try to prevent the spread of any malware:  we sent notifications to on-premises customers to shut off their VSA servers and we shut down our VSA SaaS infrastructure.

The attackers were able to exploit zero-day vulnerabilities in the VSA product to bypass authentication and run arbitrary command execution.  This allowed the attackers to leverage the standard VSA product functionality to deploy ransomware to endpoints.  There is no evidence that Kaseya’s VSA codebase has been maliciously modified.   

Mandiant was quickly engaged to investigate the incident.  We have been actively engaged with Mandiant to assess the manner and impact of the attack.  We are also cooperating with federal law enforcement to ensure that they have the information they need to investigate this attack.  Below, we provide some of the technical details that we have been able to confirm in the course of the investigation.

To date, we are aware of fewer than 60 Kaseya customers, all of which were using the VSA on-premises product, who were directly compromised by this attack. While many of these customers provide IT services to multiple other companies, we understand the total impact thus far has been to fewer than 1,500 downstream businesses. We have not found any evidence that any of our SaaS customers were compromised.

We have begun our restoration process and are developing and readying for deployment to our VSA customers a fix for this issue.  On July 3rd, Kaseya released a Compromise Detection Tool to customers.  This tool analyzes the user’s system (either VSA server or managed endpoint) and determines whether any indicators of compromise (IOC) are present.  To date, over 2,000 customers have downloaded the tool.  Updates on this are being posted at the following link: https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689.  We are working to bring our SaaS environment up safely and provide an update for on-premises customers.

We know there is a lot of information circulating about this incident.  Some of it is accurate, much of it is not.  We will continue our efforts to keep you updated as we have solid, actionable information to share.”

Dell Technologies Capital Invests in Calamu for Next-Gen Data Protection

Calamu, a cybersecurity startup that provides enterprises with next-generation resilience and near-impenetrable data protection, announced that Dell Technologies Capital has invested in the firm.

“Dell Technologies Capital brings a deep understanding of enterprise IT, and they recognize the urgent need to better safeguard data from ransomware and data breaches,” said Paul Lewis, Founder & CEO, Calamu. “We are excited to collaborate with Dell Technologies Capital as we protect the world from this surging threat.”

Cyber criminals continue to exploit several data protection measures, resulting in record-breaking ransom payments and lengthy periods of company disruption. Many recent high-profile ransomware attacks have used the “double extortion” strategy, in which data is stolen before the local environment is encrypted, giving the attacker two points of leverage to demand payment. Calamu has developed an innovative product that protects sensitive data from ransomware assaults, including complex double-extortion ransomware. The multi-patented system removes the downtime, financial fines, and reputational harm that a ransomware attack or data breach can cause.

“Calamu has the potential to revolutionize how enterprise data is stored, managed, and secured,” said Raman Khanna, Managing Director, Dell Technologies Capital. “Their unique data protection technology brings a powerful solution to the ongoing fight against ransomware and other cybersecurity threats.”