Over the holiday weekend, a cyber-criminal organization known as REvil, launched a ransomware attack on a cybersecurity company, Kaseya. Kaseya is a cloud-based MSP platform that allows Managed IT Service Providers tools to be able to monitor the state of their customers’ PCs, as well as manage updates. Kaseya is one of many companies that provide tools to Managed IT Service Providers.

Of the nearly 30 tools Kaseya provides to the MSP market, only one, Kaseya VSA, was compromised.

Ransomware Victims

The Kaseya customers that were victims of the attack were Managed IT Service Providers. Some of these MSPs’ customers were also involved in the attack.

As many as 1,500 companies from all over the world had their systems encrypted through their MSPs in the attack. The attack was planned to launch on midday Friday as it lined up with the July 4th weekend.

Response to Attack

The FBI and CISA are considering it a supply-chain attack caused by a zero-day vulnerability that Kaseya was working on patching when it was exploited by REvil.

In a statement addressing the attack, the FBI stated:

In addition to the FBI and CISA, the White House is urging victims of this attack and other attacks to report incidents.

About CTG Tech

CTG Tech is a local managed IT service provider that leverages technology to support businesses. We deliver top-tier technology consulting, support, services, and maintenance using cost-effective approaches that help their clients maximize productivity & profitability.

CTG Tech was not affected by this attack because we do not utilize Kaseya’s VSA remote monitoring tools.

Check out our Security Resources to educate you about security, where to report cyber attacks and dangers to businesses.