Ransomware Attacks

Risk: high
Damage: high
Platform(s): Web Servers, Systems, Networks
Advisory ID: ngCERT-2020-0043
Version: N/A
CVE: N/A
Published: July 7, 2021

Summary


Ransomware attacks targeting government and private networks have increased globally, the latest being the attack on Kaseya VSA products. This security advisory is therefore being disseminated to all stakeholders and Ministries, Departments and Agencies in Nigeria so that they can take adequate preventive measures against ransomware attacks. Following the recent ransomware attacks on SolarWinds, McDonald's, Microsoft Exchange Server, JBS, the US Colonial Pipeline Company and others, it has been estimated that the number of ransomware attacks in 2021 may end up as high as 100,000, with each one costing an average of $170,000. The ransom paid by Colonial and JBS combined was about $15 million, against FBI advice. The growing number of such attacks highlights the critical importance of making cyber preparedness a priority and taking the necessary steps to secure our networks against adversaries.

Description & Consequence


Kaseya, a well-known enterprise IT firm, is at the centre of the latest data encryption attack by REvil, which targeted its VSA product, software for remotely monitoring PCs, servers, printers, networks, and point-of-sale systems. Kaseya's VSA software was used to spread ransomware that encrypted "well over 1,000 businesses". The attack exploited a zero-day, or previously unknown, vulnerability in Kaseya VSA. REvil has now demanded $70 million for a universal decryption tool to end the Kaseya attack.

Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent years, ransomware incidents have become increasingly prevalent among the Nation's state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations.

The impacts of a ransomware attack on your company could include, but are not limited to, the following:

  1. Temporary, and possibly permanent, loss of your company's data.
  2. Possibly a complete shutdown of your company's operations.
  3. Financial loss as a result of revenue generating operations being shut down.
  4. Financial loss associated with remediation efforts.
  5. Damage to your company's reputation.

Solution


  1. Those affected by the recent Kaseya attack should download the Kaseya VSA Detection Tool, which analyzes a system (either a VSA server or a managed endpoint) and determines whether any indicators of compromise are present.
  2. Enable multi-factor authentication (MFA) on every single account, and enforce MFA for customer-facing services.
  3. Implement allowlisting to limit communication with remote monitoring and management (RMM) capabilities to known IP address pairs, and place administrative interfaces of RMM behind a VPN or a firewall on a dedicated administrative network.
  4. Update software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks.
  5. Never click on links or open attachments in unsolicited emails.
  6. Back up data on a regular basis. Keep it on a separate device and store it offline.
  7. Follow safe practices when using devices that connect to the Internet.
  8. Implement a cybersecurity user awareness and training program that includes guidance on how to identify and report suspicious activity (e.g., phishing) or incidents.
  9. Ensure antivirus and anti-malware software and signatures are up to date.
  10. Apply the principle of least privilege to all systems and services so that users only have the access they need to perform their jobs.
  11. Report all cyber incidents to the Nigeria Computer Emergency Response Team for technical assistance.
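
Recommendation 3 (allowlisting RMM traffic to known IP address pairs) can be checked against firewall logs. The following is an added example, not part of the original advisory or of any vendor tool: it flags permitted connections to an RMM server that fall outside the allowlist. The addresses, ports, log format and all names in it are constructed assumptions.

```python
import ipaddress

# Assumed allowlist of (source network, RMM server, destination port).
# Every address and port here is constructed for illustration.
ALLOWED_PAIRS = [
    ("10.20.0.0/28", "10.50.0.10", 443),     # dedicated admin network -> admin UI
    ("192.0.2.15/32", "10.50.0.10", 8443),   # managed-site gateway -> agent port
]
RMM_SERVERS = {"10.50.0.10"}

# Constructed firewall flow records: timestamp src dst dport action
SAMPLE_FLOWS = """\
2021-07-05T09:14:02Z 10.20.0.5 10.50.0.10 443 ALLOW
2021-07-05T09:15:40Z 192.0.2.15 10.50.0.10 8443 ALLOW
2021-07-05T09:16:11Z 203.0.113.77 10.50.0.10 443 ALLOW
2021-07-05T09:17:30Z 10.20.0.5 10.50.0.10 8443 ALLOW
2021-07-05T09:18:00Z 198.51.100.9 10.50.0.10 443 DENY
not a flow record
"""

def parse_flow(line):
    """Return (ts, src, dst, dport, action), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, action = parts
    try:
        return (ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), action)
    except ValueError:
        return None

def is_allowed(src, dst, dport, pairs=ALLOWED_PAIRS):
    """True only if source, destination and port all match one allowlist entry."""
    return any(src in ipaddress.ip_network(net)
               and dst == ipaddress.ip_address(host) and dport == port
               for net, host, port in pairs)

def audit(log_text):
    """Return (violations, malformed) for permitted RMM flows outside the allowlist."""
    violations, malformed = [], []
    for line in filter(str.strip, log_text.splitlines()):
        flow = parse_flow(line)
        if flow is None:
            malformed.append(line)   # keep unparsable lines for manual review
            continue
        ts, src, dst, dport, action = flow
        if (str(dst) in RMM_SERVERS and action == "ALLOW"
                and not is_allowed(src, dst, dport)):
            violations.append((ts, str(src), str(dst), dport))
    return violations, malformed
```

A non-empty violations list means the firewall is permitting RMM traffic that the allowlist does not cover, so either the rule set or the allowlist needs correcting.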

Reference


  1. https://sensorstechforum.com/cve-2021-30116-kaseya-ransomware-attack/
  2. https://www.zdnet.com/article/kaseya-ransomware-attack-us-launches-investigation-as-gang-demands-giant-70-million-payment/
  3. https://www.bleepingcomputer.com/news/security/revil-is-increasing-ransoms-for-kaseya-ransomware-attack-victims/
