Kaseya Ransomware Attack – The Complete Story

Published by IAM Expert on July 8, 2021

Kaseya, a Miami-based IT solutions developer for MSPs and enterprises, recently announced that it had become the victim of a cyberattack on July 2, 2021. According to Bloomberg, executives at Kaseya’s Miami office were warned about critical security flaws in its software before the ransomware attack. The report also states that from 2017 to 2020, Kaseya’s employees in its U.S. offices flagged wide-ranging cybersecurity concerns to the company leadership, but those issues weren’t fully addressed.

The cyberattack has affected as many as 60 MSPs, impacting more than 1,500 businesses. The attackers carried out a supply chain ransomware attack by leveraging a vulnerability in Kaseya’s VSA software against multiple MSPs and their customers. The attack has been attributed to the REvil ransomware group, which claims to have encrypted over one million end-customer systems.

The Ransomware Attack - What happened?

On July 2, 2021, at 2:00 PM EST, Kaseya’s CEO Fred Voccola announced a potential attack against the VSA that had been limited to a small number of on-premises customers. As a precautionary measure, he also urged clients to immediately shut down their VSA servers. As Kaseya’s Incident Response Team investigated further, the vendor decided to shut down its SaaS servers and pull its data centers offline.

The FBI described it as a supply chain ransomware attack leveraging a vulnerability in Kaseya’s VSA software. Reports claim that the attack was triggered via an authentication bypass vulnerability in Kaseya’s VSA web interface. This allowed the attackers to bypass authentication controls, gain an authenticated session, upload a malicious payload, and then run commands via SQL injection, achieving code execution in the process.

Who was impacted?

According to reports, 800 Coop supermarket chain stores in Sweden had to close operations as they were unable to open the cash registers. Huntress said in a Reddit explainer that 1,000 companies had servers and workstations encrypted. The vendor added that thousands of small businesses may have been impacted.

Sophos VP Ross McKerchar commented that this is one of the farthest-reaching criminal ransomware attacks that Sophos has ever seen.

On July 5, Kaseya gave revised estimates saying that fewer than 60 customers and 1,500 downstream businesses were impacted. On July 6, the estimate was revised again, with the impact downgraded to 50 direct customers and between 800 and 1,500 businesses down the chain. Kaseya also claimed that none of its SaaS customers were compromised.

How can you prevent this from happening to you?

To minimize your supply chain risk, you need to sever all network connections to a vendor as soon as you learn that they are no longer safe. This can happen to the best of us. Staying alert and prepared can help prevent such attacks.
