On July 22nd, Kaseya, a US-based IT company, was hit with a massive ransomware attack. Kaseya provides IT tools that companies use to monitor and manage their infrastructure. The Dutch Institute for Vulnerability Disclosure (DIVD) reported that one of these tools, VSA, had a severe vulnerability.
Kaseya has almost 37k customers, of which only 50 were impacted by the ransomware attack. Most of Kaseya’s customers are MSPs (Managed Service Providers) that provide services to other small or medium businesses.
The 50 customers impacted by the attack have around 800k to 1 million customers around the world. According to Kaseya’s CEO Fred Voccola, 800-1500 customers of their MSPs were directly hit by the attack. The attack affects businesses all over the world, but the most affected are in Sweden, Germany, the Netherlands, and New Zealand. Several IT companies were impacted in Germany, supermarkets in Sweden, and schools and kindergartens in New Zealand.
A Russian group of hackers called REvil took responsibility for the attack. A representative of REvil talked to Reuters and victims of the attack in an online chatroom to negotiate. They demanded $70 million for decrypting all the customers’ data with a global key.
When asked about paying a ransom to hackers, Fred Voccola said, “I can’t comment ‘yes,’ ‘no,’ or ‘maybe’,” adding, “No comment on anything to do with negotiating with terrorists in any way.”
David Jacoby, deputy director at Kaspersky, also responded, saying, “Paying a ransom is just putting the fire out but it will not make your environment more secure.”
Fred also put out a video addressing several important questions, including how his company is dealing with the attack and its plans for the future.
To mitigate the attack, the vulnerable tool VSA and related services were taken offline immediately. At the time of writing this article, the company is planning to bring these tools back online within a few hours.