On July 2, 2021, several businesses worldwide were left paralyzed due to a ransomware attack on the US technology firm Kaseya. The supply chain attack impacted Kaseya’s direct customers and downstream businesses. The file-encrypting malware targeted Kaseya’s VSA and the multiple managed service providers (MSPs) that employ the VSA software.

This incident adds to the growing concern around ransomware attacks, which are here to stay for the foreseeable future. Our previous post on ransomware discusses some best practices that you can incorporate to protect your data against similar threats.

This piece will discuss some key facts about the attack and its impact that can help you analyze the situation better.

1. What is Kaseya?

Kaseya is a privately-held company based in Dublin, Ireland, with its headquarters in Miami. The company provides software solutions for remotely managing a company’s IT networks and devices. The software is used by MSPs for performing IT tasks remotely.

2. What is the nature of the attack?

Details regarding the initial compromise are still unclear. So far, the attack appears to have affected companies that run Kesaya VSA on-premises and not as SaaS from the cloud.

3. What is the extent of the attack?

Though the attackers claim to have compromised more than 1 million computers, Kaseya stated that the threat had been limited to only a small number of its on-premises customers.

On Friday, the company had warned its customers to “immediately” shut down their on-premise servers and it proactively shut down its SaaS servers as a precautionary measure.

4. Which major businesses have been affected so far?

Kaseya has stated that less than 60 of its direct customers have been affected, all of whom were using the VSA on-premises product. It estimated the total impact to be less than 1,500 downstream businesses.

The incident has impacted businesses on all five continents. Though it wasn’t a threat to critical infrastructure in the US, some serious repercussions were observed abroad.

Major disruptions were reported in Sweden, where over 800 Coop supermarkets had to close due to inoperative cash registers. The Swedish State Railways and a local pharmacy chain also faced disruptions due to the attack. Additionally, 11 schools and kindergartens in New Zealand went offline. Three IT service providers were affected in Germany, with an overall impact on several hundred companies.

5. Who is behind the attack, and how was it executed?

Affiliates of the Russia-linked REvil ransomware-as-a-service group have claimed responsibility for the attack. The hackers are believed to have used an undiscovered security vulnerability in the software’s update mechanism.

The attack was carried out just before the US' Fourth of July holiday when most corporate IT teams were thinly staffed.

The attackers have demanded $70 million in ransom and are open to negotiation. Meanwhile, Kaseya’s CEO stated, “No comment on anything to do with negotiating with terrorists in any way.”