🔗💰💣

Kaseya Security Incident

July 2, 2021 1543 days ago Resolved

Incident Overview

Situation Description

Kaseya experienced a supply-chain attack through its remote IT management software, VSA, due to the REvil ransomware.

Event Types

Supply Chain Compromise Ransomware Malware / Destructive Attack

Industry Sector

Technology

Geographic Scope

Global

Response Actions

Isolated Compromised Systems Took Systems or Services Offline Notified Affected Individuals & Entities Shared Threat Intelligence

Impact Analysis

Event Types (3 identified)

Supply Chain Compromise Ransomware Malware / Destructive Attack

Financial Impact

$70,000,000 USD

Records Affected

Data Types Compromised

Operational / System Data

Primary Impacts

Operational Disruption Financial Loss

Key Decisions Made

Kaseya immediately disconnected their servers to contain the breach.; Kaseya maintained communication with all of their 36,000+ clients about the incident.; Affected organizations were advised by CISA and the FBI to shut down VSA servers immediately.

Technical Analysis

Attack Method

Supply Chain Compromise

Threat Actor Attribution

REvil

Vulnerability / Tool

Kaseya VSA

Additional Information

News Commentary: REvil ransomware strikes again, thousands of SMBs potentially infected LAST EDITED: PUBLISHED: The Kaseya incident is the largest ransomware supply-chain attack to date. How can your organisation best protect itself? On Friday, July 2, 2021, before the American Fourth of July long weekend, affiliates of the REvil RaaS (Ransomware-as-a-Service) threat actors executed a supply-chain attack through Kaseyas remote IT management software, specifically affecting its Virtual System Administrator (VSA). Kaseya, a software platform designed to help manage IT services remotely, and its affiliated partner researchers, were aware of the exploit and were working on a patch when the REvil ransomware was launched. In a sprint between threat actors and security experts, the bad guys won out before a patch could be implemented. The attack affected hundreds and likely thousands of businesses globally with the REvil ransomware demanding USD 70 Million in Bitcoin to restore the encrypted data being held captive. The timing was not coincidental as major cyber attacks similar to this one are carefully coordinated to commence around major holidays with threat actors anticipating slower response times and a generally sparse IT staff during the attack. Kaseya released a statement noting that they immediately disconnected their servers and have maintained communication with all of their 36,000+ clients about the incident. Their actions allowed them to contain their breach to less than 60 clients; however, of those that were affected, more than 30 were MSPs which in turn have thousands of their own clients who could be affected. Who was affected? The far-reaching impacts of the attack are still being pieced together as thousands of companies globally were targeted. Some larger retailers like Swedish Coop supermarkets needed to shut down hundreds of stores as their checkout cash register system was taken offline. CISA and the FBI have released Guidance for MSPs and...

... (truncated for display)

Quick Facts

Company:: Kaseya
Date:: July 2, 2021
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: nan

Source Information

Original Query

"Kaseya" VSA ransomware attack "supply chain" response

View Original Source

Timeline

Information Published

nan

Incident Occurred

July 2, 2021 (1543 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats