Let’s set a scene that’s all too familiar to those of us who work in cybersecurity.
It's the Friday afternoon before the Fourth of July weekend. So far, things are quiet. You’re excited for the long weekend, fireworks and barbeques.
But then, the unthinkable happens, and all hell breaks loose. Ransomware strikes your entire customer base. Not one, not two—but your entire client base.
You feel yourself go numb. Then, you’re at a standstill for the next two minutes as you process the nightmare that just landed on your doorstep.
So, what’s next?
This nightmare scenario was an unfortunate reality for Robert Cioffi, COO and co-founder of Progressive Computing.
On July 2, 2021, hackers launched a cyberattack on Kaseya’s VSA, which affected approximately 50 managed service providers (MSPs).
The REvil ransomware group launched an attack that spread from the MSPs to between 800 and 1,500 businesses worldwide, leaving them virtually paralyzed.
Progressive Computing was one of the victims of the attack on the Kaseya VSA RMM tool. Hackers installed ransomware across their entire client base, simultaneously affecting 2,500 endpoints across 80 clients with 200 physical sites in four different time zones.
We hosted a webinar with Robert, where he candidly shared his team's story from the last year, providing his perspective on what went through his head leading up to and following the attack. It’s an incredible story of how they were able to fight through a mass-scale attack and emerge even stronger.
We won't spoil the entire story for you—it's a good one and one worth hearing firsthand. But, we’ll share some key takeaways that Robert offered to any MSP that finds itself in the same stressful situation.
1. Have an incident response plan.
With no formal incident response plan in place, Robert and the Progressive Computing team were desperately trying to find a fix. But how do you begin to fix something when you don't even know what the actual fix is?
He credited the core values and the culture his team has built as their saving grace. But he urged others to learn from the mistakes Progressive Computing made and reasoned that even a half-baked plan is better than nothing.
However, the right response plan can make or break how you handle cyber incidents, so we recently met again with Robert and our panel of MSPs and experts to discuss the ins and outs of incident response planning (you can watch that full webinar here).
2. Call your cyber liability insurance provider.
As Robert says in the webinar, the first step any MSP should take in the event of a cyberattack is to contact their cyber liability insurance provider.
With attorneys specializing in these kinds of circumstances, they will be your first responders in helping you begin to navigate these situations.
3. Don't be so quick to use the "B" word.
Robert warns of using the “B” word, breach, because of the legal implications the word carries. Often, it’s better (and less legally scathing) to use words like incident or event.
4. Remember that culture wins over strategy.
As Robert began to guide his team through what seemed like an impossible situation, he reflected on the core values of Progressive Computing. Those values are
- Commitment: Determination to do what it takes
- Team: Together, we get it done
- Humble confidence: Service without ego
- Respect, always
Robert knew that by coming together as a team and remembering their core values, they would find their way through—no matter what.
5. Lean on the MSP community.
A major point of emphasis from this story is the need for a peer group—a community you can lean on when if find yourself in situations like these.
We’re all about community at Huntress, so we were quick to reach out and offer our services to help Robert and his team navigate through this attack.
The best part? We weren't alone in offering help! What started as a couple of business owners and their staff showing up to help Progressive Computing turned into a wave of people offering support. With this community, Robert and his team were able to come out on the other side.
But this led Robert to a new question: “It got me thinking, how do we create a system so that any MSP can break the glass in case of emergency?”
Enter the Volunteer Response Corps.
Volunteer Response Corps
With the Volunteer Response Corps, there is truly light emerging from darkness. Robert explains that this organization will be a “for us, by us” group of MSPs that work together to help others in their time of need. It’s a clear way for the MSP community to unite and fight back against these savvy attackers.
Robert detailed how this organization came to fruition in the webinar.
The Huntress Neighborhood Watch Program
In the Progressive Computing story and many others like it, we see the triumph of community. Their story (and so many like it) is why we felt compelled to develop The Huntress Neighborhood Watch Program, which we designed to provide MSPs with practical programs and resources to raise the security level for the entire cybersecurity community.