All insights

Kaseya Ransomware Attack: Everything You Need To Know (ZDNet)

A combination lock sitting on a laptop

Read news about the Kaseya Ransomware Attack

July 7, 20213 min read

Kaseya, an IT solutions developer for MSPs and enterprise clients, announced that it had become the victim of a cyberattack on July 2, over the American Independence Day weekend.

It appears that attackers have carried out a supply chain ransomware attack by leveraging a vulnerability in Kaseya’s VSA software against multiple managed service providers (MSP) – and their customers.

According to Kaseya CEO Fred Voccola, less than 0.1% of the company’s customers were embroiled in the breach - but as their clientele includes MSPs, this means that smaller businesses have also been caught up in the incident.

Present estimates suggest that 800 to 1500 small to medium-sized companies may have experienced a ransomware compromise through their MSP.

The attack is reminiscent of the SolarWinds security fiasco, in which attackers managed to compromise the vendor’s software to push a malicious update to thousands of customers. However, we are yet to find out just how widespread Kaseya’s ransomware incident will prove to be.

What Happened?

On July 2 at 2:00 PM EDT, as previously reported by ZDNet, Kaseya CEO Fred Voccola announced “a potential attack against the VSA that has been limited to a small number of on-premise customers.”

At the same time, out of an abundance of caution, Voccola urged clients to immediately shut down their VSA servers.

“It’s critical that you do this immediately because one of the first things the attacker does is shut off administrative access to the VSA,” the executive said.

Customers were notified of the breach via email, phone, and online notices.

As Kaseya’s Incident Response team investigated, the vendor also decided to proactively shut down its SaaS servers and pull its data centers offline.

By July 4, the company had revised its thoughts on the severity of the incident, calling itself the “victim of a sophisticated cyberattack.”

Cyber forensics experts from FireEye’s Mandiant team, alongside other security companies, have been pulled in to assist.

“Our security, support, R&D, communications, and customer teams continue to work around the clock in all geographies to resolve the issue and restore our customers to service,” Kaseya said, adding that more time is needed before its data centers are brought back online.

Once the SaaS servers are operational, Kaseya will publish a schedule for distributing a security patch to on-prem clients.

In a July 5 update, Kaseya said that a fix has been developed and would first be deployed to SaaS environments, once testing and validation checks are complete.

“We are developing the new patch for on-premises clients in parallel with the SaaS Data Center restoration,” the company said. “We are deploying in SaaS first as we control every aspect of that environment. Once that has begun, we will publish the schedule for distributing the patch for on-premises customers.”

Read more at ZDNet

Continue reading

More perspectives

View the archive

Put insight to work

Bring the right security expertise to the next decision.

Tell us what your organization is facing. We will help define the practical next step.

Start a conversation