The REvil / Sodinokibi ransomware used the Kaseya network-management package as a conduit to spread through cloud-service providers. Otava assessed the risk to our customers at the core delivery system level, and we are not directly at risk from this attack vector. The Kaseya network-management package is not in use anywhere on systems for which Otava is directly responsible.
That said, we have at least one known Otava client that utilizes an IT provider where Kaseya is used, resulting in the customer being potentially impacted by the ransomware. In an effort to help all of Otava’s customers while maintaining client confidentiality, here’s an anonymized description of how they were impacted and the remedy, so all of our clients can take steps to protect themselves.
In this instance, the customer’s IT provider was leveraging the Kaseya network-management package for remote management of the client workstations and servers. The client workstations had open shares to their file server at Otava, which meant that as the ransomware spread across their internal network, every workstation with a share to the file server automatically started encrypting files.
Thankfully, the client had subscribed to both backups and DRaaS for the Otava-based assets that were impacted. The result was an easy resolution, with the local workstations rebuilt quickly due to their data protection efforts and without the need to pay the ransom.
Otava strongly recommends that clients review their internal networks for the use of the Kaseya network-management package and contact all vendors to confirm it is not in use. In addition, please review all of the software installed on your servers to ensure you’re protected.
While Otava is not involved in the proactive protection of client local workstations, we do have the capability to help protect the servers in the Otava environment through fully managed or self-managed backup and DRaaS offerings. If your organization is seeking to proactively address mitigation of issues like this most recent ransomware event, please contact your Otava Sales representative or Otava at 877-640-5028. If you have not deployed both backup and DRaaS in your environment, please prioritize the effort to secure these services and protect your business.
In the unfortunate event you discover that your organization has been impacted by the REvil / Sodinokibi ransomware, please contact Otava support at 877-640-5028 or [email protected] so we can assist with backup restores and DRaaS incident declarations.
Otava continues to monitor the situation.
The Otava Support Team