Kaseya, an IT solutions developer for MSPs and enterprise clients, announced that it had become the victim of a cyberattack on July 2, over the American Independence Day weekend.
It appears that attackers have carried out a supply chain ransomware attack by leveraging a vulnerability in Kaseya's VSA software against multiple managed service providers (MSP) – and their customers.
According to Kaseya CEO Fred Voccola, less than 0.1% of the company's customers were embroiled in the breach -- but as their clientele includes MSPs, this means that smaller businesses have also been caught up in the incident.
Present estimates suggest that 800 to 1500 small to medium-sized companies[1] may have experienced a ransomware compromise through their MSP.
The attack is reminiscent of the SolarWinds security fiasco[2], in which attackers managed to compromise the vendor's software to push a malicious update to thousands of customers. However, we are yet to find out just how widespread Kaseya's ransomware incident will prove to be.
Here is everything we know so far. ZDNet will update this primer as we learn more.
What is Kaseya?
Kaseya[3]'s international headquarters is in Dublin, Ireland, and the company has a US headquarters in Miami, Florida. The vendor maintains a presence in 10 countries.
Kaseya provides IT solutions including VSA, a unified remote-monitoring and management tool for handling networks and endpoints. In addition, the company provides compliance systems, service desks, and a professional services automation platform.
The firm's software is designed with enterprises and managed service providers (MSPs) in mind, and Kaseya says that over 40,000 organizations worldwide use at least one Kaseya software solution. As a provider of technology to MSPs, which serve other companies, Kaseya is central to a wider software supply chain.