My TechDecisions

IT Infrastructure, Managed Service, Network Security, News

Kaseya Confirms Sophisticated Cyberattack Over The Holiday Weekend

Cyberattack against Kaseya shows hackers are becoming strategic and targeting remote managed service providers.

Leave a Comment

Adobe Stock/ MaksymFilipchuk

Kaseya, an IT management software provider for MSPs and IT teams confirmed it has been a victim of a sophisticated cyberattack over the Fourth of July holiday weekend.

According to a statement from Kaseya, about 60 Kaseya VSA product customers were affected by the attack. However, a cybersecurity researcher whose company was responding to the incident says it paralyzed the networks of at least 200 U.S. companies on Friday.

The REvil gang appears to be behind the attack, says John Hammond of the security firm Huntress Labs. The same gang is also linked to the May attack on the global meat processor JBS SA.

Read: U.S. Must Respond To Protect Businesses From Ransomware Attacks, Executives Say

The criminals used Kaseya’s network-management package to spread the ransomware through cloud-service providers.

“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, (this) has the potential to spread to any size or scale business,” Hammond said in a message on Twitter. “This is a colossal and devastating supply chain attack.”

Kaseya advised its customers to shut down the servers immediately and remain offline until further instructions from the company about when it is safe to restore operations.

A patch will be required to be installed prior to restarting the VSA. Customer who experience ransomware and receive communications from the attackers are instructed not to click on any links as they may be weaponized.

The company released a Compromise Detection Tool to search for indicators of the compromise. Over 2,000 customers have downloaded the tool since Friday.

Kaseya has met with the FBI/CISA to discuss systems and networking hardening requirements prior to service restoration for both SaaS and other customers.

The attackers requested $70 million in bitcoin. It is not known if the ransom was paid.

The attack is speculated to be intentionally timed for the Fourth of July weekend, when IT staffing is generally thin.

The Kaseya attack shows that hackers are becoming more strategic and targeting platforms like remote managed service providers that can take down multiple companies with one shot. For IT managers, make sure your systems are secure.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ