Jay Tipton, CEO of Technology Specialist, was wrapping up a meeting with a client when he suddenly noticed his Outlook was doing something odd. He didn’t think much of it, passing it off as Microsoft just doing ‘something silly’. That all changed as soon as he got a call from the office.
Nobody in the office could get into ConnectWise or Kaseya, and soon after, calls came in from clients about their machines acting crazy and files popping up on their screens.
When Tipton got back to the office, he noticed a ransom note on a screen and immediately started shutting down machines. “I knew at that point a little bit of what was going on, but not the full details of how many people were hit. At first, I thought it was just us,” he told MJ Shoer, Executive Director, CompTIA ISAO, in a video interview, “and that’s the worst feeling you’ll ever have.”
In his career, he had never lost any client data, and in that moment, his worst fear was unfolding. In the days following the attack, Tipton worked about 20 hours each day helping to restore data and get his clients’ systems back up.
The Emotional Toll
He recalls being physically nauseous, unable to eat for days, and having to remove himself from coordinating the aftermath of the attack. “I couldn’t do it,” he said. “I was too close to it, I had too much emotional ties to what was going on.”
He told his office staff to run with the disaster recovery plan, so he could prioritize getting medical clients back up and running. “You just become self-aware of what you can’t do,” he told Shoer, “and it’s not because I didn’t want to — mentally, I couldn’t prioritize things, I kept jumbling up the list of what had to get done.”
Fortunately, Technology Specialist, which manages around 60 clients under MSP contract, many of them longtime clients, was able to recover all of its managed clients’ data.
Many clients were understanding and accepted that there was nothing Technology Specialist could have done to stop this. “Nothing is 100% safe anymore,” said Tipton.
The company had some issues restoring data. “Part of it had to do with download speeds because everybody was trying to hit data centers at the same time, but luckily some clients, we were just backing up their files, like their QuickBooks off-site, and that’s all they were really concerned about,” he said.
Tipton found out the hackers came in through a form and injected malicious code into the system. “The system took it and ran with it, and being a computer, it’s not going to care what the code tells it to do, it’s just going to do it.”
Lessons Learned from the Kaseya Attack
Since the attack, Tipton has been changing the way the company backs up clients’ data. He is also changing his disaster recovery plan, especially how it’s stored: the attack left him without access to the file on his computer and on the other server locations where it was stored.
It took the company almost 36 hours to get its password vault restored. Keeping paper printouts of recovery plans and passwords is among the changes he noted.
Tipton was grateful and overwhelmed by the outpouring of support he received from the IT community. His ex-business partner came in to help, people donated servers, and even clients pitched in to help get not only their own company back up, but other clients as well.
The Kaseya attack was not just an attack on MSPs, but the entire IT community.