IT management software vendor Kaseya, whose VSA software platform is used by other tech companies to monitor and manage customers’ IT networks, has been the victim of an audacious cyberattack. On July 2, the business issued a security advisory urging its customers to immediately shut down versions of VSA running on their own servers. It also suspended its own cloud-based VSA service.
Kaseya VSA is a remote management platform for MSPs that provides solutions such as automated patch management. According to Kaseya, the platform has been used by more than 36,000 MSP customers worldwide.
"Beginning around mid-day (EST/US) on Friday, July 2, 2021, Kaseya's Incident Response team learned of a potential security incident involving our VSA software," the company's CEO Fred Voccola said in a statement shared late Friday.
Kaseya's official recommendation is to: "IMMEDIATELY shutdown your VSA server until you receive further notice from us."
This attack has already compromised eight of Kaseya's MSP customers, with 200 businesses linked to three of the victims reporting instances of file encryption. This Reddit post from huntresslabs shows the progress of sorting out how to fix this ransomware attack.
On Friday, Mark Loman, a malware analyst at security firm Sophos, tweeted that the hackers demanded $5 million as ransom in exchange for the file decryptor. Image comes from thehackernews.com.
This seems to be quite nasty, and here in Sweden it has affected one of our grocery store chains, which is unable to take payments because the attack has affected its cash registers. In the US, hundreds of companies have been affected, and it is safe to assume that many companies in the EU and elsewhere might be affected as well.