The IT Software Company, Kaseya has been attacked by Supply Chain Ransomware. The IT firm has instructed its users of the VSA endpoint and management network to instantly shut down their VSA. They asked the users to do so to keep their information from being compromised.
Kaseya had informed that the attack started on Friday at 2 pm ET. The company has also mentioned that the incident had affected the customers who were on-premises. The SaaS servers were also urged to shut down for safety purposes.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) said that serious actions have been taken to address this issue of supply chain ransomware attack. Alongside Kaseya VSA, many managed service providers for VSA software have also been under a ransomware attack. However, no official notification has been issued until Saturday.
The attack took place on July 4, American Independence Day. This implies that the timings of the attack were also well-planned because security teams are mostly understaffed on public holidays and respond late.
The shutdown of SaaS servers enabled the company to save 36,000 customers in the best possible way. The approach worked in favor of many and a small number of people got affected by the attack. The security firm Huntress has confirmed that at least 200 customers had been impacted and 8 manage service providers (MSPs) have been compromised.
The attack has caused many losses such as the exploitation of a vulnerability and Kaseya software update’s delivery. The update brought in ransomware that encrypted files.