Kaseya, an IT solutions developer that was the victim of a huge ransomware attack on July 2, said that up to 1,500 of its clients have been compromised. This was only the latest in the string of ransomware attacks that have hit US businesses and services, taking an increasingly large toll on their bottom line.
The company announced it was a victim of a ransomware attack on July 2, over the American Independence Day weekend. The hackers carried out a supply chain ransomware attack by using a vulnerability in Kaseya’s VSA software and compromising several Multiple Managed Service Providers (MSPs).
A lot of Kaseya’s clients are MSPs who utilize Kaseya tools to manage IT infrastructure for small businesses like dentists’ offices and restaurants. Kaseya software is used to manage between 800,000 and 1,000,000 small businesses in total. The attackers are believed to have triggered the hack through an authentication bypass vulnerability in Kaseya’s VSA web interface. Afterward, the hackers rolled out a fake update containing the ransomware to Kaseya customers.
After the attack occurred, Kaseya’s spokesperson stated that only 0.1% of their clients were affected. However, the problem is that most of their customers are MSPs who manage dozens of small businesses each. As such, current estimates say that between 800 and 1,500 small businesses were affected by the ransomware attack.
Originally, the attackers have requested a $70 million ransom to restore access to the affected files and data, but there are reports that they’ve reduced their demands to $50 million in the meantime. It’s unclear who is behind the attack, as the nature of cyberwarfare is such that perpetrators often remain anonymous, with security officials left only with second-hand guesses.
However, given the current political climate, it’s no surprise that fingers were quickly pointed at Russian groups such as REvil, who were suspected to be behind the ransomware attack on the meat processor JBS.
Kaseya has not commented on whether they’ll be paying the ransom. Kaseya’s CEO, Fred Voccola said “Our global teams are working around the clock to get our customers back up and running. We understand that every second they are shut down, it impacts their livelihood, which is why we’re working feverishly to get this resolved.”
Ransomware attacks are becoming both more frequent and more brazen. Companies and individuals are advised to employ ransomware protection in order to avoid losing access to their files or being forced to pay a ransom.