The company expects to release a patch shortly for its impacted customers
The Revil gang has used Kaseya VSA software as a conduit for launching its ransomware attack. (Credit: Pete Linforth from Pixabay)
Kaseya said that its VSA software product has been subject to a ransomware attack claimed by the REvil ransomware gang that has impacted 800 to 1,500 businesses around the world.
The company, which is based in the US, provides IT and security management solutions for managed service providers (MSPs).
Its product Kaseya VSA has been developed as a remote monitoring and management software product. The software has been used as a conduit by the REvil gang, which is allegedly linked to Russia, for launching a sophisticated cyberattack.
REvil is demanding a ransom payment of $70m for publishing a decryptor that will enable the impacted businesses to recover from the attack within an hour.
On the other hand, Kaseya said that it has developed a Patch for its on-premises customers which is expected to be available shortly after its SaaS servers are brought online.
The company said that the attack was localised to a marginal number of on-premises customers.
The software vendor revealed that less than 60 of its customers, who were all using the VSA on-premises product, were directly compromised by the cyberattack. Many of these customers offer IT services to various other companies.
The company said that it did not find any evidence that any of its SaaS customers were affected by the attack.
Kaseya said that its MSP clients use its technology to handle the IT infrastructure for local and small businesses having less than 30 employees. These include dentists’ offices, local restaurants, and small accounting offices.
The company claimed that its customers manage nearly 800,000 to 1,000,000 local and small businesses.
Kaseya CEO Fred Voccola said: “Our global teams are working around the clock to get our customers back up and running.
“We understand that every second they are shut down, it impacts their livelihood, which is why we’re working feverishly to get this resolved.”
Kaseya has been working with multiple governmental agencies in the US such as the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security, and the White House as well.
The company is also closely working with FireEye Mandiant IR, a computer incident response firm, on the security incident.
The FBI stated: “The FBI is investigating this situation and working with Kaseya, in coordination with CISA, to conduct outreach to possibly impacted victims.
“We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya’s guidance to shut down VSA servers immediately. As always, we stand ready to assist any impacted entities.”