Over the holiday weekend, a cyber-criminal organization known as REvil launched a ransomware attack on a cybersecurity company, Kaseya. Kaseya is a cloud-based MSP platform that gives Managed IT Service Providers tools to monitor the state of their customers' PCs and manage updates. Kaseya is one of many companies that provide tools to Managed IT Service Providers.
Of the nearly 30 tools Kaseya provides to the MSP market, only one, Kaseya VSA, was compromised.
Once irregularities in the system were noticed on Friday, July 2nd, 2021, Kaseya worked with industry partners and clients to gather information and shut down their VSA servers to prevent any further damage.
The Kaseya customers that were victims of the attack were Managed IT Service Providers. Some of these MSPs' customers were also involved in the attack.
As many as 1,500 companies from all over the world had their systems encrypted through their MSPs in the attack. The attack was timed to launch at midday Friday so that it lined up with the July 4th weekend.
Response to Attack
The FBI and CISA are considering it a supply-chain attack caused by a zero-day vulnerability that Kaseya was working on patching when it was exploited by REvil.
In a statement addressing the attack, the FBI stated:
"Due to the potential scale of this incident, the FBI and CISA may be unable to respond to each victim individually, but all information we receive will be useful in countering this threat."
About CTG Tech
CTG Tech is a local managed IT service provider that leverages technology to support businesses. We deliver top-tier technology consulting, support, services, and maintenance using cost-effective approaches that help our clients maximize productivity and profitability.
CTG Tech was not affected by this attack because we do not utilize Kaseya's VSA remote monitoring tools.
Check out our Security Resources to learn about security, where to report cyber attacks, and dangers to businesses.