REvil Attack on ‘Kaseya’ Compromised Tens of Hundreds With Ransomware
- Approximately 1,500 businesses and organizations have been impacted by the ‘Kaseya’ breach.
- The incident unfolded on Friday and the software company is still fighting to bring everything back online.
- The scenario of paying the demanded ransom of $70 million hasn’t been ruled out yet.
It’s been a couple of days since the news about a malicious Kaseya update went live, and the first estimations about the effect of the supply chain attack are pretty dire. The American software vendor now estimated that roughly 1,500 businesses supported by 60 of its customers have been infected by ransomware deployed through its product, VSA. The actors exploited a bug on the IT management solution to deploy the ransomware strain, encrypting the customers' files and demanding a ransom payment of no less than $70 million.
While the number of the affected points isn’t impressive, the impact is wide because all of the 60 customers of Kaseya are MSP (Managed Service Providers) firms who naturally support hundreds of others with their services. So far, only five out of the sixty victims have openly admitted the security breach, namely VelzArt, Hoppenbrouwers, Visma EssCom, Synnex, and Avtex. There’s a question mark around the remaining 55, but signs of extensive outage have appeared on seemingly random and unrelated places like supermarkets, schools, dentist offices, accountants, and public agencies.
The company last updated the public about the incident yesterday, clarifying that they could contain the impact of the attack and that only VSA was affected. The SaaS tool is still offline as there are some safety checks and validations to perform, but everything should be back online later today, even if some features will be missing. In the meantime, the FBI and CISA are actively involved to ensure that the restoration of the service will be done properly.
For now, the customers can only run a detection tool to figure out if their VSA server or managed endpoint has been compromised or not. The software company has identified the exploited flaw, and they are in the process of fixing and releasing a patch for it. The speculation about this being the result of lengthy cyber espionage has been officially denied as baseless. The firm has promised to share more details about the breach when the situation allows.
As for who is called to pay the bill, that would be Kaseya, whose spokesperson told Reuters that they don’t want to give public comment on the topic. As such, the potential negotiations in the case of the largest ransomware attack in recent history have neither been confirmed nor refuted.