Kaseya ransomware attack; 1,500 companies affected, company confirms
Kaseya, an enterprise tech firm, has confirmed that roughly 1,500 businesses were impacted as a result of a cyberattack that targeted its remote device management software. According to the company, the software was then used to spread ransomware to Kaseya’s customers. The supply chain ransomware attack leveraged a vulnerability in the VSA software against multiple different managed service providers and their customers. However, Kaseya stated that they are aware of fewer than 60 customers who were directly compromised by this attack, adding that all of these were using the VSA on-premises product. Kaseya also asserted that there was no evidence that any SaaS customers were impacted as a result of the supply chain attack.
The cybercriminals exploited a previously undisclosed flaw located in the VSA software utilized by MSPs and their customers. VSA is a remote monitoring and management software used to manage endpoints such as cash registers, PCs, and servers. On Sunday, the cyber attackers reportedly asked for $70 million in exchange for a universal decryption tool that would resolve the issue for Kaseya and its impacted customers, some of which remained closed for business on Monday due to the attack. Swedish supermarket Coop was affected by the cyberattack and was forced to shut down its operations yesterday. The company is currently working to replace all of its affected cash registers at multiple stores, according to a statement issued by the company.