Recovery of data underway for computers impacted by global ransomware attack
The Information Technology (IT) Security Office has provided an update on the recent global ransomware attack against IT management software firm Kaseya, and its impact on Virginia Tech users.
The July 2 attack targeted Kaseya’s VSA software, which is used to monitor and manage endpoint computers such as PCs and point of sale systems for thousands of companies worldwide. While Virginia Tech was not directly targeted by the attackers, a Kaseya VSA application that provides software management for several university areas was infected with the ransomware, impacting roughly 600 computers across campus.
As part of Virginia Tech’s immediate response, the Kaseya VSA application was shut down, effectively stopping any additional spread of the ransomware. Division of IT and departmental IT personnel have been working to recover data from backups and restore critical systems affected by the breach as quickly as possible. Each impacted computer is being rebuilt to remove any traces of the ransomware and scanned with antivirus software and the Spirion sensitive data finder.
The Kaseya VSA application will remain down until it is rebuilt with a fully patched and approved version. Kaseya’s latest updates on the situation can be found on their status page.
Members of the Virginia Tech community are reminded to be sure that any sensitive data that must be stored is encrypted and that antivirus software is active. Additionally, computer backups should be stored offline on a separate device — this may include, but is not limited to, the cloud, another computer, DVDs, CDs, external hard drives, USB thumb drives, and memory cards. Report any known or suspected IT security incidents.