Date: 2021-07-04

Kaseya, a software company that builds products for companies that provide remote IT services, suffered a cyber attack last Friday. Because Kaseya is connected to hundreds of other companies through its services, the ransomware was deployed through it directly, giving hackers access to many other companies. It is believed to be one of the largest such attacks on record.

Kaseya sells its products to managed service providers. In other words, it supplies the software tools that other companies use to offer IT services and support to many more companies. Using Kaseya software, its customers can manage and push updates to their own customers (which are smaller companies).

Kaseya revealed the attack last Friday, indicating that it had been the victim of “a possible attack”, first affecting proprietary software called VSA. It advised customers to shut down VSA immediately. It also said that the attack had been carried out on a limited number of users only, although in cases like this the impact generally grows almost exponentially.

It is not known for sure how this attack is being carried out. However, it seems to be affecting Kaseya, its customers, and their customers. Through a malicious update of the VSA service, the ransomware has spread to Kaseya itself, to its customers who use the tool, and even to the customers who receive IT services from them.

For the moment, Kaseya says that “less than 40” of its clients have been affected. These “less than 40” clients, as we have seen, can have hundreds of clients behind them, which in principle can also be affected.

Who is behind the attack?

Again, it is not known for sure. But there are enough clues, including the modus operandi, to suggest that it is the REvil hacker group. Previously, they extorted Apple, for example, by leaking some MacBook prototypes; they also recently asked Acer for 50 million dollars, and in Spain they went after Adif.

The REvil group seems to be asking companies for different ransom amounts depending on their size. The Washington Post indicates that they have sent “two different ransom notes on Friday, demanding $50,000 from smaller companies and $5 million from larger ones.”

The US federal cybersecurity watchdog has announced that it is taking action to address the ransomware attack on Kaseya and how it has affected other customers. It had already warned that it was going to pursue them firmly. The recommendation for now is to follow Kaseya’s instructions to stop VSA operations temporarily.

Via | Bloomberg

More information | Kaseya