On July 2, 2021, Kaseya, a provider of IT and security management solutions for managed service providers (MSPs), became the latest company targeted in a ransomware attack. The attack was carried out by the known cybercrime gang REvil, which demanded a lump sum of $70 million in Bitcoin in exchange for the decryption key that would unlock all affected systems.
The attack on Kaseya’s Virtual Systems/Server Administrator (VSA) compromised only about 50 of its customers, but because many of them are MSPs, the true scale of the attack may never be known. It is estimated to have affected 800 to 1500 small to medium-sized businesses in 17 countries.
In this security brief, we examine what made this a successful software supply chain attack, how it was carried out, and the impact of using on-premises vs. cloud centralized management tools.