On July 2 at 2:00 pm EDT, Kaseya, a developer of IT solutions for MSPs and corporate customers, announced that it was hit by a ransomware attack that exploited a vulnerability in its VSA software against several MSP (managed service providers) and their customers.<\/p>\n\n\n\n
Since more than 40,000 organizations use at least one Kaseya software, the company has notified its customers of the breach, while urging them to immediately shut down their VSA servers.<\/p>\n\n\n\n
While Kaseya also shut down its SaaS servers and pulled its data centers offline as the company’s incident response team investigated the crisis, the company called itself the “victim of a sophisticated cyberattack” by July 4 after investigating the severity of the attack.<\/p>\n\n\n\n
While the FBI described the incident as a “supply chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple MSPs and their customers,” Huntress Labs, a security firm, tracked 30 MSPs involved in the breach, explaining that the attack was triggered by a vulnerability to bypass authentication in the Kaseya VSA web interface.<\/p>\n\n\n