Kaseya Ransomware: 'Largest Attack I've Witnessed So Far'
Mark Loman of Sophos Analyzes the Scale and Impact of the Attack Against Kaseya
Since Friday afternoon, Mark Loman of Sophos has been immersed in studying the scope and impact of the ransomware attack spread through Kaseya VSA's remote management platform. And he's learned enough about it to say without reservation: This is the largest ransomware attack he's seen.
"What's unique about this attack is that the adversaries have leveraged what appears now to be a zero-day exploit to gain access to issue commands and send code to victims," says Loman, Director of Engineering at Sophos. "And what's interesting here is that the attacker did quite some research in order to attempt to bypass security controls by making sure that their payload is obfuscated, making sure that it works well, and they have extensive knowledge on how to set up their attack through the Kaseya software."
Through its visibility into its own clients, Sophos sees evidence of more than 70 managed service providers impacted, with more than 350 individual companies struck as a result. But Loman fully expects the total to be much larger, impacting thousands of organizations throughout the world.
In this exclusive interview, Loman discusses:
- What is currently known about the scale and impact of the attack;
- Attribution and distribution of this attack;
- The further implications for enterprises and how they detect and defend against ransomware.
Loman is a director of engineering for next-generation technologies at Sophos. As an ethical hacker with a passion for information security, Loman oversees a team of experienced developers responsible for delivering practical signature-less solutions. With more than 10 years of experience, Loman has a keen eye for innovating effective solutions and technology that stop zero-day cyber threats. With in-depth knowledge of the intricate workings of modern computers and applications, Loman’s team isn’t shy when applying unconventional methods to test and create prevention techniques to battle even persistent attackers.