LA PLATA, Md. – On July 2nd, JustTech and their clients were victims of the recent cyber-attack that has been reportedly attributed to a criminal gang in Russia known as REvil. In this attack, REvil actors utilized a vulnerability in an industry leading security tool (Kaseya), which JustTech utilizes for our clients. A popular security tool that keeps bad actors out of clients’ networks everyday was hijacked and used to deliver ransomware to hundreds of our clients and thousands of users. Many other managed service providers were affected as well.
JustTech keeps offsite encrypted backups for our clients and JustTech and our clients are recovering and will fully recover.
By the end of the day Monday, we are estimating 90% of clients will be functional to conduct business. It is our goal that by Wednesday, 100% of our clients will be functional to conduct business. This has been a challenging task to bring up over a hundred networks and over a thousand of devices (computers, laptops and servers) in such a short amount of time. Our goal from the beginning is to bring all clients to an operational/functional state as data is ready and transferred from the backup drives, address urgent/critical needs and then take care of any outstanding issues for full recovery as soon as possible.
JustTech’s teams are giving it their all and working around the clock towards restoration. Already in a short amount of time, over 1,500 hours of IT support has been performed. Our clients are our priority, we greatly value our relationship with our clients, and we are invested in promptly recovering and restoring the systems impacted by this attack. JustTech will not be charging clients for the work that our team is performing related to the recovery and restoration of the systems impacted by this attack.
JustTech has more than 3,000 clients with our different product and solution offerings: Xerox, managed print services, managed IT services, cloud fax services and app solutions. Most of our clients were not affected by this cyber-attack and those affected have been contacted.
For JustTech, it is believed the cyber-attack began at 12:31PM Eastern Standard Time on Friday, July 2nd. JustTech discovered the breach, disabled, and shut down the affected servers within 8 minutes. We then began calling customers to shut down all servers, laptops, and desktops until we could gauge the impact of the attack. We did this as a precaution. Not all of our managed IT clients were impacted and not all devices were infected.
Last Sunday (4th) & Monday (5th), JustTech sent affected clients a list of workstations (computers and laptops) that we felt were and were not infected. JustTech has not observed any device that is not currently infected, become infected so we felt these non-infected devices are good for use now with little to no risk. Thus far, this has remained proven to be correct. It is our hope that with this information, business could continue for our clients in some way as we continue to bring everything else back up.
JustTech and several external security firms strongly feel this was a traditional ransomware attack and that no data was stolen rather only encrypted. Data on our encrypted backup servers can be restored.
Mark Loman of Sophos, a national security company, said he has been studying this cyber-attack and it is by far, the largest ransomware attack he has ever seen. We never wanted to go through something like this but had a plan if we had too.
After the recovery, JustTech will study our response and preparedness and identify areas of improvement should this or anything similar happen again. Just recently, there have been massive cyber-attacks on Microsoft, SolarWinds, the Colonial Pipeline, the VPN firm PulseSecure and JBS meat plants. The U.S. Government has made numerous statements and has stated they will take action if other governments do not step up in combatting cyber-attacks that have reported to originate within their countries.
As a managed services provider, we have to work as the world is now, not how we wish it would be. As part of JustTech’s review, we will do a review of our partners and also focus on ways to make recovery even faster for clients should an event like this happen again. Critical discussions with JustTech team members & clients will be how we reduce the downtime, how we decrease the economic impact and how we minimize the negative mental health effects on clients and our team members. As a managed services provider, we will strive to further lesson the pain from these types of cyber-attacks.
Please contact us if you have any questions.