The REvil group, the same Russian hacking group responsible for the attack against JBS has stuck again. Kaseya, a cloud-based IT management and remote monitoring solution for managed service providers (MSPs) was hit with a record breaking $70 million dollar attack on July 2nd. However, CNBC recently reported that hackers reduced their demands in private conversations to $50 million.
The attack compromised about 50 of Kaseya’s customers. Many of Kaseya’s customers are managed service providers, using Kaseya’s technology to manage IT infrastructure for local and small businesses with fewer than 30 employees, such as dentists’ offices, small accounting offices and local restaurants. As a result of the attack, at least 1,500 small businesses managed by Kaseya customers have been affected, with victims in 17 different countries.
In response to the attack, Kaseya took immediate action and shut down its SaaS and VSA servers to prevent additional customers from becoming compromised. Kaseya’s CEO, Fred Voccola, has issued a statement disclosing that Kaseya has located the source of the vulnerability and that the company intends to keep all on-premise VSA servers, SaaS, and hosted VSA servers shut down until it’s safe to resume operations.
Read more about the ransomware here.