Are You Vulnerable to an Attack Like Kaseya One on Kaseya? (Restore it All Podcast #112)

Mr. Backup and Prasanna discuss the Kaseya attack that happened over the July 4th weekend of 2021. First, we talk about how bad actors use long weekends for attacks, then discuss various things you can/should do to ensure that your environment would not be vulnerable to such an attack. We talk about the kinds of questions that even an unskilled person can ask to help mitigate this risk, including (especially) the all-important questions about backups. We also talk about the need for establishing a “bat-phone” type connection between your environment and any providers you may be using. We have a short talk about the impact that all these attacks are having on ransomware costs, and how you can use your DR site to test patches.

----- Signature and Disclaimer -----

Written by W. Curtis Preston (@wcpreston). For those of you unfamiliar with my work, I've specialized in backup & recovery since 1993. I've written the O'Reilly books on backup and have worked with a number of native and commercial tools. I am now Chief Technical Evangelist at Druva, the leading provider of cloud-based data protection and data management tools for endpoints, infrastructure, and cloud applications. These posts reflect my own opinion and are not necessarily the opinion of my employer.

2 thoughts on “Are You Vulnerable to an Attack Like Kaseya One on Kaseya? (Restore it All Podcast #112)

  1. Joe Matuscak says:

    One comment on the idea of a “painstaking” recovery from a ransomware attack. I’d say that even if the data/OS restore is quick and easy, there is still going to be a painful process around figuring out how the bad guys got in and hunting down all of the persistence points they might have squirreled away that will allow them to get back in. Even if you do something like rebuilding the OSes from known good sources, and the same with the applications, that’s going to be a huge amount of work and it still may not find everything.

Comments are closed.