Ransomware Attack on MSP Software Firm Reve …

Up to 1500 businesses around the world are reeling following a ransomware attack on an American IT firm.

Kaseya, a Florida-based company that offers IT management software for managed service providers, was targeted over Independence Day weekend. The incident impacted 50 of Kaseya’s customers, which in turn translated to about 800-1,500 clients of the MSPs they work with, according to CBS News.

The Russian-linked hacking gang, REvil, demanded $70 million in ransom, but later lowered their price down to $50 million, CBS reported. It’s unclear if the company plans to negotiate.

Get the latest guidance from CISA and the FBI on this attack here. 

In response to the attack, the company responded by engaging the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, and they were able to root out the cause of the attack, according to a statement from the company.

“Our global teams are working around the clock to get our customers back up and running,” said Fred Voccola, CEO of Kaseya in the statement. “We understand that every second they are shut down, it impacts their livelihood, which is why we’re working feverishly to get this resolved.”

Based on reporting from Reuters, the attack resulted in the temporary closure of hundreds of Coop supermarkets in Sweden, due to inoperable cash registers, as well as several schools in New Zealand being kicked offline.

However, the company’s quick response did spare hundreds of thousands of organizations from having the same fate. In the statement, Kaseya said that the company has more than 35,000 MSP customers, equating to 800,000-1,000,000 organizations using the software. The company continues to recommend customers stop using the affected software and follow CISA’s guidance on handling ransomware attacks.

“It’s important to remain vigilant. Our guidance continues to be that users follow Kaseya’s recommendation to shut down VSA servers immediately, to adopt CISA’s mitigation guidance, and to report if you have been affected to the IC3.”

LEARN MORE:

Click here to read the VRTAC advisory on the Kaseya attack.