Kaseya is a mega service firm that provides IT management software to companies worldwide. The company is the latest victim of REvil ransomware. And it may turn out to be bigger than the recent SolarWinds attack.
REvil ransomware was used to hack into Kaseya’s computers disguised as a system update. The attack on July 2nd was timed just prior to the 4th of July holiday weekend.
This attack differs from the 2020 SolarWinds attack. SolarWinds exposed sensitive data from United States government offices, as well as private companies. It has been called the “largest security breach” ever.
Kaseya is a software company used by more than 36,000 companies on a global-basis. And the ransomware attack puts many of its key customer’s data at-risk.
Kaseya Updates Clients
Kaseya is posting a detailed description of the ransomware attack. And client warnings including updates on its website.
Kasaya is advising all of its customers to turn their systems off and remain offline.
- “Hosted VSA Servers will become operational once Kaseya has determined that we can safely restore operations. We are in the process of formulating a staged return to service of our SaaS server farms with restricted functionality and a higher security posture (estimated in the next 24-48 hours but that is subject to change) on a geographic basis. More details on both the limitations, security posture changes, and time frame will be in the next communique later today.
- All on-premises VSA Servers should continue to remain offline until further instructions from Kaseya about when it is safe to restore operations. A patch will be required to be installed prior to restarting the VSA and a set of recommendations on how to increase security posture.
- We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links as they may be weaponized.”
Experts are concerned
Nathan DeSutter, CEO of Compnology, claims that “We won’t know the full effect of this for at least days, the FBI is involved, the CISA, that’s the federal cybersecurity agency, is involved, and this is going to get much worse before it gets better.”