Kaseya announced that the company is attacked by a gang using the REvil ransomware service. The company also stated that the company and its customers were the victims of the attack on its VSA product, which is software for remote monitoring PCs, servers, printers, networks, and POS systems. The hackers are demanding $70 million in BTC for the decryption tool.
The US Cybersecurity & Infrastructure Security Agency and FBI are currently investigating the incident and issued joint guidance. U.S. President Joe Biden also stated that he believes that Russia was not connected to the attack, but if it was, he’s told Putin that the US will respond.
Kaseya also stated that a patch is being developed and should be available shortly after its SaaS servers are back online. The company also released a free comprise detection tool to allow customers to check their networks and computers. Fred Voccola, CEO of Kaseya said,
“We immediately notified our on-premises customers via email, in-product notices, and phone to shut down their VSA servers to prevent them from being compromised. We then followed our established incident response process to determine the scope of the incident and the extent that our customers were affected.
We engaged our internal incident response team and leading industry experts in forensic investigations to help us determine the root cause of the issue. We notified law enforcement and government cybersecurity agencies, including the FBI and CISA. While our early indicators suggested that only a very small number of on-premises customers were affected, we took a conservative approach in shutting down the SaaS servers to ensure we protected our more than 36,000 customers to the best of our ability.”