To our Valued Customers:
Most of you probably saw the news over the past two days: “Massive Ransomware Attack Has Hit More Than 1,000 Companies.” This is the biggest breach since WannaCry – and maybe even bigger. For reference, WannaCry resulted in up to $4 billion in economic loss.
Rest assured that Buchanan Technologies has not been impacted by these attacks, though we, like you, are monitoring this event very closely. We do not use Kaseya, the vendor who has fallen victim to a supply-chain attack.
We have had partners not only ask “Is Buchanan affected by this attack?”, but also “What is Buchanan doing to keep us safe?”
We’d also like to express solidarity with the 20+ MSPs, the vendor Kaseya, and all of the other victims of this criminal act. This is an enormous event, launched right as Canada and the US went into the holiday weekend. This is common with these types of attacks. In fact, only 25% of attacks happen during normal business hours, highlighting the importance of “always-on”, 24/7/365 security.
What We Know:
There are many ways this could have happened, and the exact vector will be identified and made public; one example would be if a Kaseya employee’s account was compromised, and the attackers used that account to edit Kaseya’s source code.
Kaseya’s full statement and continually updated press release can be found here. Kaseya has also shared a detection tool, which essentially checks for “userfiltertablerpt.asp” file in their public webroot. Additionally, this blog by Huntress is a great resource for detecting indicators of compromise (IOCs).
What We Have Done:
• A fully managed 24/7 Security Operation Center
As for our internal security efforts, in addition to “drinking our own champagne” and utilizing our own security services, Buchanan Technologies has been continually assessing and updating our security posture in alignment with NIST 800-53 (high baseline), the CIS 18, and CMMC (5). We are also GDPR and HIPAA compliant and have our SOC 2 Type 2 certification.
In many ways, our internal security surpasses our compliance standards. For example, we are leaders in the “threat hunting” space, continually monitoring every object running or scheduled to run across our entire environment. We have an incident response plan in place and abide by a ransomware playbook. Without going into too much detail, even if we used Kaseya, this attack would not have affected the Buchanan network.
What You Can Do if You Were Affected:
What You Can Do Even if You Were Not Affected This Time:
Buchanan can assist you in creating an IR plan and customized ransomware playbooks, then we can test your response and recovery capabilities with tabletop exercises.
On behalf of the rest of the Buchanan leadership team, I’d like to thank you for your partnership.