Massive Kaseya Ransomware Attack On Businesses May Be Much Worse Than Previously Reported
Before the holiday weekend got underway, the REvil hacking group kicked off a massive supply chain attack involving remote management software company Kaseya. Based out of Florida, the company only reports that 40 of its remote monitoring tool VSA on-premises customers have been affected by this. However, some of these 40 could be managed service providers who in turn serve hundreds of small businesses, which bloats the number of affected companies upwards of 1,000.
This morning, Kaseya provided an update on its progress, explaining that it is working on a plan to restore software-as-a-service server farms while all on-premises VSA servers should remain offline until further notice. Furthermore, a new “Compromise Detection Tool” was rolled out to 900 customers who requested it, leading us to believe that there is more than meets the eye here.
At the time of writing, the group attributed to the attack, REvil, has not made any post or mention of the attack on its blog. But it may not be long before data makes its way out online. Alternatively, we hope that Kesaya and its security partners will be able to clean this mess up in due time. Whatever ends up happening, keep an eye on HotHardware for updates on the Kaseya supply chain attack.