Victims are already seeing ransom demands ranging from $45,000 to $5 million.
Kaseya has announced that it is dealing with a massive ransomware attack that now may be affecting at least eight MSPs and hundreds of organizations. In a message posted to its website, the remote management solutions provider said it is „experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only as of 2:00 PM EDT today.“ „We are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you IMMEDIATELY shutdown your VSA server until you receive further notice from us,“ the company said. „It’s critical that you do this immediately, because one of the first things the attacker does is shut off administrative access to the VSA.“ Kaseya has taken down all SaaS instances of its VSA remote monitoring and management tool in light of the attack. John Hammond, senior security researcher at Huntress, told ZDNet that they were first notified of the attack at 12:35 ET and said it „has been an all-hands-on-deck evolution to respond and make the community aware.“ Hammond attributed the attack to the prolific REvil/Sodinikibi ransomware group and Bleeping Computer, The Record and NBC News all also reported that REvil or an affiliate was the culprit.
