July 6, 2021
As you’ve probably heard, almost 1,500 businesses were hit on Monday, July 5, by a ransomware attack on the software vendor, Kaseya, whose products are widely used by IT management companies. An analysis of the malicious software shows it was created by REvil, a ransomware gang believed to operate out of Eastern Europe or Russia. The attack has crypto-locked nearly one million endpoint devices. REvil is demanding $70 million in ransom, and the White House is meeting the attack with a robust response. The White House said the FBI and Cybersecurity and Infrastructure Security Agency (CISA) were working with Kaseya to conduct outreach to victims.
Q2 has no relationship with Kaseya
We would like to reassure you that Q2 does not use nor has it ever installed Kaseya software. As part of Q2’s comprehensive and proactive security protocol, we have thoroughly scanned our environments for the published indicator of compromise (IOCs) and are pleased to announce that we have found no threats. We are also pleased to share that Q2’s Endpoint Detection and Remediation (EDR) software vendor has successfully defended against this ransomware attack, as several of its customers were targets.
Q2 financial institution customers may want to consider communicating the specific nature of the attack, which was aimed at small businesses using IT-managed services, with their account holders.
• Read Kaseya’s official response with updates.
• The Cybersecurity and Infrastructure Security Agency (CISA) and FBI have issued guidance for businesses affected by this attack.
Thank you for your partnership as we work to keep your assets and account holders safe.
Data Center Hosting and Operations Team