On July 2, 2021, Kaseya VSA, an RMM (remote monitoring and management) software platform, was the target of a supply chain cyberattack that affected around 50 MSPs. Kaseya’s SaaS-based VSA platform will be re-activated with security updates on Sunday, July 11, 2021, after a July 6 delay, according to CEO Fred Voccola.
On July 5, 2021, Kaseya CEO Fred Voccola informed Reuters that the REvil ransomware assault on July 2, 2021, expanded from MSPs to between 800 and 1,500 enterprises around the world.
A timeline of the Kaseya VSA cyberattack, as well as status updates and business recovery suggestions for MSPs, may be seen below. The blog was first published on July 2, 2021. After that, it will be updated on a regular basis.
The massive ransomware attack on Kaseya may have been avoided entirely. Former Kaseya employees who spoke to Bloomberg said they alerted officials about “significant” security problems in the company’s products on several occasions between 2017 and 2020, but that the company failed to address them. A handful of employees came to a halt or stated that they had been sacked for inaction.
Kaseya was accused of using obsolete code, weak encryption, and failing to patch software on a regular basis, according to employees. The company’s Digital System Administrator (VSA), a remote maintenance tool that was infected with ransomware, was allegedly riddled with enough flaws that employees wanted it replaced.
One employee claimed he was fired two weeks after providing a 40-page safety briefing to superiors. Others were simply frustrated by the apparent focus on additional options and releases rather than addressing fundamental issues. Kaseya also lay off some employees in 2018 in favor of outsourcing work to Belarus, which some employees viewed as a security risk given local leaders’ ties to the Russian government.
Kaseya has remained silent.
The company has shown signs of wanting to make improvements. It caused some problems once Dutch researchers discovered flaws. However, it did not solve all of Kaseya’s problems, and it was not long before analyst firms like Truesec uncovered glaring faults in the platform.
This wasn’t Kaseya’s first run-in with a stumbling block. Between 2018 and 2019, the company’s software was apparently exploited to launch ransomware at least twice, yet it did not significantly rethink its security strategy.
Kaseya’s situation would not be unique, regardless of how accurate the experiences were. Employees at SolarWinds, Twitter, and other companies have spoken out about safety issues that were not addressed in a timely manner. That just serves to exacerbate the situation, you reason. It indicates that vital components of America’s online infrastructure have deteriorated as a result of neglect and that these fundamental errors are all too common.
