Colossal REvil / Sodinokibi Event; Data Protection Can Save Your Company!

Posted 7.6.21 by Brandi Jaylin

Otava has alerted all clients of a new malware / ransomware threat that was strategically released over the 4th of July National Holiday weekend.

The ransomware/malware, REvil / Sodinokibi, used the Kaseya network-management package as a conduit to spread through cloud-service providers. Otava assessed the risk to the core delivery system levels for our customers, and we are not directly at risk from this attack vector. The Kaseya network-management package is not in use anywhere on systems for which Otava is directly responsible.
That said, we have at least one known Otava client that utilizes an IT provider where Kaseya is used, resulting in the customer being potentially impacted by the ransomware. In an effort to help all of Otava’s customers while maintaining client confidentiality, here is an anonymized description of how they were impacted and of the remedy, so that all of our clients can take steps to protect themselves.
In this instance, the customer’s IT provider was leveraging the Kaseya network-management package for remote management of the client workstations and servers. The client workstations had open shares to their file server at Otava, which meant that as the ransomware spread across their internal network, every workstation with a share to the file server automatically started encrypting files.
Thankfully, the client had subscribed to both backups and DRaaS for the Otava-based assets that were impacted. The result was an easy resolution, with the local workstations rebuilt quickly due to their data protection efforts and without the need to pay the ransom.
Please see the following news article from NPR for additional information about the attack: https://www.npr.org/2021/07/03/1012849198/ransomware-cyber-attack-revil-attack-huntress-labs
Otava strongly recommends that clients review their internal networks for the use of the Kaseya network-management package and contact all vendors to confirm it is not in use. In addition, please review all of the software installed on your servers to ensure you’re protected.
While Otava is not involved in the proactive protection of client local workstations, we do have the capability to help protect the servers in the Otava environment through either fully managed or self-managed backups and DRaaS offerings. If your organization is seeking to proactively address mitigation of issues like this most recent ransomware event, please contact your Otava Sales representative or Otava at 877-640-5028. In the event you have not deployed both backup and DRaaS in your environment, please prioritize the effort to secure these services and protect your business.
In the unfortunate event you discover that your organization has been impacted by the REvil / Sodinokibi ransomware / malware, please contact Otava support at 877-640-5028 or [email protected] so we can assist with backup restores and DRaaS incident declarations.
Otava continues to monitor the situation.
The Otava Support Team

About Otava

Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.
