Kaseya CEO addresses REvil affiliate ransomware attack on the company’s VSA customers
Kaseya's CEO addresses the sophisticated ransomware attack by a REvil affiliate on the company's VSA customers.
On July 2, at approximately 2 pm EST, American software company Kaseya was alerted to a potential attack by internal and external sources. In less than an hour, the company had shut down access to the affected software.
As soon as access was blocked, an internal incident response team, partnering with industry experts in forensic investigations, begin working to discover the nature of the attack. Law enforcement and government cybersecurity agencies, including the FBI and CISA, were notified and engaged. Soon after the attack, with their assistance, the root cause was identified.
The attack had a relatively limited impact, with approximately 50 of more than 35,000 Kaseya customers breached.
Many of Kaseya's customers are managed service providers and use its software to manage IT infrastructure for local and small businesses with less than 30 employees, such as dentists offices, small accounting offices, and local restaurants.
Approximately 800,000 to 1,000,000 local and small businesses managed by Kaseya's customers, around 800 to 1,500 were compromised by the attack.
“Our global teams are working around the clock to get our customers back up and running,” says Kaseya CEO, Fred Voccola.
“We understand that every second they are shut down, it impacts their livelihood, which is why we're working feverishly to get this resolved. Kaseya is actively engaged with various governmental agencies, including the FBI, CISA, Department of Homeland Security and the White House.”
Computer incident response firm, FireEye Mandiant IR, is also working closely with Kaseya on the security incident.
“This is a collaborative effort to remediate the issue and identify the parties responsible, so they may be held accountable,” says Voccola.
“We are beyond grateful for their assistance in getting our customers back online. The immediate action-oriented and solution-based approach of CISA and the FBI, with tremendous overall support from the White House, has proven to be a huge help in ensuring that this attack led only to a small number of impacted customers.”
“While every customer impacted is one too many, the impact of this highly sophisticated attack has proven to be, thankfully, greatly overstated,” he says.
Kaseya is currently working to bring the SaaS servers back online, with a patch to be released within 24 hours of them being up.