Florida-based IT company Kaseya has been hit by a ransomware attack which could affect hundreds of companies. Beginning on Friday, July 2, 2021, Kaseya’s Incident Response team learned of a potential security incident involving its VSA software.
In a statement, Kaseya said it immediately shut down its SaaS servers as a precautionary measure, even though it had not received any reports of compromise from any SaaS or hosted customers. Kaseya also notified its on-premises customers via email, in-product notices, and via phone to shut down their VSA servers to prevent them from being compromised.
The company notified law enforcement and government cybersecurity agencies, including the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency (CISA).
CISA issued its own statement to say it is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. CISA advised organizations to follow Kaseya’s guidance to shut down VSA servers.
Kaseya provides a software platform designed to help manage IT services remotely and has tens of thousands of customers around the world but believes only a small percentage were affected. The company and its partners are investigating to determine the root cause of the issue.
“We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it for our on-premises customers that will be tested thoroughly,” Kaseya said in its statement on Friday. “We will release that patch as quickly as possible to get our customers back up and running.”
Cybersecurity firm Huntress Labs and Sophos director and “ethical hacker” Mark Loman said they believe the Russia-linked REvil ransomware group was responsible. In late May 2021, a ransomware attack on the computer networks of JBS, the world’s largest meat-processing company, by REvil led to multiple meat plants shutting down throughout the United States, Canada, and Australia, including all nine beef plants in the U.S.
Last month, President Biden told Vladimir Putin that Russia had a responsibility to act on cybercrime and said he gave his Russian counterpart a list of 16 critical infrastructure sectors that should not be subject to hacking.