VS1 Cloud Blog


What Hoteliers Can Learn from the Biggest Global Ransomware Attack on Record

15th Jul 2021 | Hospitality

Sometimes, the biggest threats in life are the ones that we cannot see – especially in a primarily digital world that offers frequent opportunities for anonymity across virtual channels and data-driven infrastructure. The technological ecosystems we’ve come to rely on both personally and professionally provide a wealth of convenience and personalization, but with great power comes great responsibility. With sophisticated technology comes sophisticated attacks.

Cybercriminals are seemingly lurking around every digital corner, and, to this effect, a well-known hacker group called REvil launched a ransomware attack last week that has now impacted more than 1,000 companies worldwide. This is a potentially devastating blow to the managed service provider (MSP) industry, as REvil requested $70 million in Bitcoin ransom to unlock all affected computers. However, the hacker group later lowered the amount to $50 million.

This incident provides an essential lesson to any company that facilitates or relies on the exchange of potentially sensitive user data, such as hotels. Nobody is immune from hackers, and now, more than ever before, the hospitality industry needs to take proactive steps to safeguard guest data.

A Large-Scale Hack Unfolding in Real-Time

On the Friday afternoon preceding the July 4th long weekend, REvil set its sights on Kaseya’s VSA SaaS infrastructure, exploiting a vulnerability in a supplier’s code (better known as a software supply chain attack) that granted them access to the systems of customers who utilize the tool. Just last month, REvil collected $11 million in ransom after successfully hacking JBS Foods.

In a statement made on their website, Kaseya wrote, “Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to our teams’ fast response, we believe that this has been localized to a minimal number of on-premises customers only.” The company estimated that fewer than 70 of its direct customers were breached, with fewer than 1,500 downstream businesses affected. However, due to the nature of the companies that rely on the tool (many being IT/cloud service providers), the potential for continued impact is concerningly high. Coop, known as Sweden’s largest retailer, was forced to close almost 800 stores as the attack crippled their cash register software supplier. In fact, this latest attack has been deemed one of the biggest ransomware attacks on record, and, if paid, the $70 million in ransom would be the highest ransomware payment ever made.

While the incident is still unfolding, Forbes reported that REvil seemingly disappeared from the internet on July 13th, with their dark website suddenly going offline. According to the outlet, REvil’s other pages (including a page set up to receive ransom payment) are now inaccessible, and the group has been inactive across hacking forums for a few days. Neither the US nor others have taken credit for the action, but the threat actor may have decided to close that service and step away from the limelight they have created.

It’s Time to Heed This Cautionary Tale

MSPs aren’t simply in the business of providing streamlined, centralized network management – they are in the business of protecting customers. Incidents like REvil’s ransomware attack prove increasingly dangerous to the MSP industry, as customers may lose faith in the affected companies. In the case of Kaseya, the company quickly took the necessary steps to minimize the footprint of the attack, and, fortunately, VENZA and/or CyberTek MSSP customers were not (nor will be) impacted. However, the event serves as a cautionary tale for the hospitality industry at large.

In the last few months alone, REvil has claimed hacks of various well-known companies, including Invenergy, Acer, and Apple supplier Quanta Computer. These cybercriminal groups are highly motivated and increasingly aggressive and sophisticated in their attacks; oftentimes, it’s not a matter of “if,” but a matter of “when” these attacks will occur.

For this particular incident, a software vulnerability identified within Kaseya’s tool and the holiday weekend created a “perfect storm” of opportunity for large-scale exploitation. Considering the prevalence of sensitive user data that hotels leverage for operational procedures and guest engagement, it’s increasingly essential for properties to work with security vendors equipped to mitigate the risk of ransomware attacks and other cyber threats. Proactive data protection and regulatory compliance should be a vital component of any hotel’s infrastructure, especially across a post-pandemic landscape that has been ripe for digital exploitation.

Forget your last line of defense – what is your first line of defense? In 2021 and beyond, taking a reactive approach to data security simply isn’t good enough; moreover, it’s incredibly costly to both a hotel’s bottom line and public reputation. Maintaining a strong defense against cyber threats like REvil’s attack against Kaseya requires multiple layers of protocol, including security coaching, compliance certifications, audits, firewall management, threat detection programs, server and network management, and so much more. With this in mind, cybersecurity shouldn’t just be a consideration for hotels – it should be built directly into a property’s operational culture, treated as a key component of the guest experience and brand promise.

By: Jeff Venza