Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Restart After Hacks Delayed Again by Software Firm

A US software firm hit by a ransomware attack that crippled companies worldwide put off restarting its servers until Sunday to harden defenses against further breaches.

A US software firm hit by a ransomware attack that crippled companies worldwide put off restarting its servers until Sunday to harden defenses against further breaches.

Kaseya chief executive Fred Voccola apologized to its customers in a video update posted online late Wednesday, calling the decision not to turn systems back on as promised the toughest in his career.

“It sucks, and I don’t want anyone to think we are not taking this seriously,” Voccola said.

Kaseya has the vulnerabilities exploited in the attack blocked, but opted to take more time to put in place additional layers of protection, he explained.

The Miami-based company was “very confident” it would have it servers back online Sunday at 2000 GMT, according to Voccola.

He said that Kaseya will mirror a financial aid model rolled out during the pandemic, this time aimed at helping businesses suffering due to the cyberattack.

“We will be providing direct financial assistance to (small and medium size businesses) who have been crippled by these evil people,” Voccola said.

“Throwing money at a problem does not always solve it; it is better than not throwing money at it. We are doing what we can.”

The unprecedented attack that caused Kaseya to shut down its cloud-based system on July 2 affected an estimated 1,500 businesses and prompted a ransom demand of $70 million.

While Kaseya is little known to the public, analysts say it was a ripe target as its software is used by thousands of companies, allowing the hackers to paralyze a huge number of businesses with a single blow.

Kaseya provides IT services to some 40,000 businesses globally, some of whom in turn manage the computer systems of other businesses.

The hack affected users of its signature VSA software, which is used to manage networks of computers and printers.

[Continuous Updates: Everything You Need to Know About the Kaseya Ransomware Attack]

Experts believe this could be the biggest “ransomware” attack on record — an increasingly lucrative form of digital hostage-taking in which hackers encrypt victims’ data and then demand money for restored access.

The Kaseya attack has ricocheted around the world, affecting businesses from pharmacies to gas stations in at least 17 countries, as well as dozens of New Zealand kindergartens.

White House spokeswoman Jen Psaki said the administration was monitoring the situation amid reports that the attacks came from a Russia-based cyber gang.

REvil, a group of Russian-speaking hackers who are prolific perpetrators of ransomware attacks, are widely believed to be behind the assault.

Related: Emails Offering Kaseya Patches Deliver Malware

Related: Researchers Reproduce Exploit Used in Kaseya Hack

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Funding/M&A

Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.