REvil Attack on ‘Kaseya’ Compromised Tens of Hundreds With Ransomware

  • Approximately 1,500 businesses and organizations have been impacted by the ‘Kaseya’ breach.
  • The incident unfolded on Friday and the software company is still fighting to bring everything back online.
  • The scenario of paying the demanded ransom of $70 million hasn’t been ruled out yet.

It’s been a couple of days since the news about a malicious Kaseya update went live, and the first estimates of the supply chain attack’s impact are pretty dire. The American software vendor now estimates that roughly 1,500 businesses supported by 60 of its customers have been infected by ransomware deployed through its product, VSA. The actors exploited a bug in the IT management solution to deploy the ransomware strain, encrypting the customers' files and demanding a ransom payment of no less than $70 million.

While the number of directly affected customers isn’t impressive, the impact is wide because all 60 of those Kaseya customers are Managed Service Provider (MSP) firms, which naturally support hundreds of others with their services. So far, only five of the sixty victims have openly admitted the security breach, namely VelzArt, Hoppenbrouwers, Visma EssCom, Synnex, and Avtex. There’s a question mark around the remaining 55, but signs of extensive outages have appeared in seemingly random and unrelated places like supermarkets, schools, dentist offices, accountants, and public agencies.

The company last updated the public about the incident yesterday, clarifying that it was able to contain the impact of the attack and that only VSA was affected. The SaaS tool is still offline as there are some safety checks and validations to perform, but everything should be back online later today, even if some features will be missing. In the meantime, the FBI and CISA are actively involved to ensure that the service is restored properly.

For now, customers can only run a detection tool to figure out whether their VSA server or managed endpoint has been compromised. The software company has identified the exploited flaw and is in the process of fixing it and releasing a patch. The speculation about this being the result of lengthy cyber espionage has been officially denied as baseless. The firm has promised to share more details about the breach when the situation allows.

As for who is called to pay the bill, that would be Kaseya, whose spokesperson told Reuters that they don’t want to comment publicly on the topic. As such, potential negotiations in the case of the largest ransomware attack in recent history have been neither confirmed nor refuted.
