Kaseya, an enterprise tech firm, is the latest victim of malicious ransomware. The company has confirmed that approximately 1,500 businesses have been impacted by the attack over the Fourth of July weekend, though the attackers are saying they’ve already impacted over one million computers.
The attackers apparently carried out a supply chain ransomware attack by (naturally) exploiting a previously unknown vulnerability in the company’s VSA software, using it against Kaseya’s customers and several managed service providers. VSA is the company’s remote monitoring and management software, used for managing and updating endpoints (like PCs or cash registers).
“To date, we are aware of fewer than 60 Kaseya customers, all of whom were using the VSA on-premises product, who were directly compromised by this attack. While many of these customers provide IT services to multiple other companies, we understand the total impact thus far has been to fewer than 1,500 downstream businesses. We have not found evidence that any of our SaaS customers were compromised,” stated Kaseya in an update.
The attack was initially launched on Friday, July 2. The next day, Kaseya released a Compromise Detection Tool to customers, which would analyze servers and endpoints to see if indicators of compromise were detected. On Sunday, July 4, the actors asked for $70 million in Bitcoin in exchange for their universal decryption tool. The following day, Kaseya announced a patch for on-premises customers, which should roll out within 24 hours after its SaaS servers go back online.
Over the weekend, Kaseya met with the FBI and CISA to discuss security measures, like systems and network hardening requirements. The company also noted, “A set of requirements will be posted prior to service restart to give our customers time to put these countermeasures in place in anticipation of a return to service on July 6th.”
Kaseya’s servers remained offline days after the attack, which has impacted notable companies like Coop, a Swedish grocery store franchise with over 800 stores whose cash registers crashed. Kaseya says it will provide additional attack details and keep customers abreast of security efforts and a full restoration timeline as it moves forward.