Kaseya an enterprise tech firm has confirmed that up to 1,500 businesses were impacted as a result of an attack on its remote device management software. The software was used to spread ransomware to Kaseya customers.
The vulnerability found in the supply chain VSA software was the leverage the attackers used against the multiple managed service providers and their customers.
Kaseya in a statement said that they are aware of fewer than 60 customers who were directly compromised by this attack, many of these customers provide IT services to multiple other companies. It went further to say, there was no evidence that any SaaS customers were compromised as a result of the attack.
The attackers exploited a previously unknown flaw in the VSA software, which is used by MSPs and their customers. VSA is a remote monitoring and management software used to manage endpoints, such as servers, cash registers PCs.
On Sunday, the attackers reportedly asked for $70 million in exchange for a universal decryption tool that would resolve the issue for Kaseya and its affected customers. Some victims, such as Swedish supermarket Coop remained closed for business due to the attack. The company is currently working to replace its affected cash registers at multiple stores, as said in a statement by the company
For customers running VSA on their servers, Kaseya has developed a patch. A new, free detection tool that customers can use to check indicators of compromise, data encryption. Customers are urged to keep VSA servers offline until its safe to proceed with restoration efforts.