SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Kaseya CEO addresses REvil affiliate ransomware attack on the company’s VSA customers
Wed, 7th Jul 2021

Kaseya's CEO addresses the sophisticated ransomware attack by a REvil affiliate on the company's VSA customers.

On July 2, at approximately 2 pm EST, American software company Kaseya was alerted to a potential attack by internal and external sources. In less than an hour, the company had shut down access to the affected software.

As soon as access was blocked, an internal incident response team, partnering with industry experts in forensic investigations, began working to discover the nature of the attack. Law enforcement and government cybersecurity agencies, including the FBI and CISA, were notified and engaged. Soon after the attack, with their assistance, the root cause was identified.

The attack had a relatively limited impact, with approximately 50 of more than 35,000 Kaseya customers breached.

Many of Kaseya's customers are managed service providers that use its software to manage IT infrastructure for local and small businesses with fewer than 30 employees, such as dentists' offices, small accounting offices, and local restaurants.

Of the approximately 800,000 to 1,000,000 local and small businesses managed by Kaseya's customers, around 800 to 1,500 were compromised by the attack.

“Our global teams are working around the clock to get our customers back up and running,” says Kaseya CEO, Fred Voccola.

“We understand that every second they are shut down, it impacts their livelihood, which is why we're working feverishly to get this resolved. Kaseya is actively engaged with various governmental agencies, including the FBI, CISA, Department of Homeland Security and the White House.”

Computer incident response firm, FireEye Mandiant IR, is also working closely with Kaseya on the security incident.

“This is a collaborative effort to remediate the issue and identify the parties responsible, so they may be held accountable,” says Voccola.

“We are beyond grateful for their assistance in getting our customers back online. The immediate action-oriented and solution-based approach of CISA and the FBI, with tremendous overall support from the White House, has proven to be a huge help in ensuring that this attack led only to a small number of impacted customers.”

“While every customer impacted is one too many, the impact of this highly sophisticated attack has proven to be, thankfully, greatly overstated,” he says.

Kaseya is currently working to bring the SaaS servers back online, with a patch to be released within 24 hours of them being up.