{"id":1943420,"date":"2021-07-11T14:34:00","date_gmt":"2021-07-11T12:34:00","guid":{"rendered":"http:\/\/nhub.news\/?p=1943420"},"modified":"2021-07-11T17:02:29","modified_gmt":"2021-07-11T15:02:29","slug":"former-employees-kaseya-was-aware-of-security-flaws-before-revil-hack","status":"publish","type":"post","link":"http:\/\/nhub.news\/ru\/2021\/07\/former-employees-kaseya-was-aware-of-security-flaws-before-revil-hack\/","title":{"rendered":"Former Employees: Kaseya Was Aware of Security Flaws Before REvil Hack"},"content":{"rendered":"

Former employees alleged that Kaseya failed to respond to security vulnerabilities for years before REvil’s latest ransomware campaign.<\/b>
\n(Photo Illustration: SOPA Images \/ Getty Images) Kaseya executives were informed of security vulnerabilities affecting the company’s IT management solutions long before they were exploited by the REvil hacker group, Bloomberg reported, with several former employees saying they warned the company’s leadership about numerous flaws between 2017 and 2020. REvil used Kaseya’s VSA remote management service to compromise «fewer than 40» of the company’s customers as part of a ransomware campaign. But those customers weren’t REvil’s only target: A security firm called Huntress Labs said on July 3 that it believed at least 200 other companies were affected, and on July 8 the firm said «Kaseya VSA was used to encrypt well over 1,000 businesses.» Those are just the victims that have been identified so far; others could be discovered later. Bloomberg’s report suggested that Kaseya was aware of critical security flaws affecting its offerings prior to the REvil campaign. «Among the most glaring problems was software underpinned by outdated code, the use of weak encryption and passwords in Kaseya\u2019s products and servers, a failure to adhere to basic cybersecurity practices such as regularly patching software and a focus on sales at the expense of other priorities,» according to information provided by five former employees. One former employee went so far as to tell Kaseya’s executives that VSA «was so antiquated and riddled with problems that it should be replaced,» Bloomberg said. Some of the former employees also claimed that «in February and June 2019, ransomware hackers using the names Gandcrab and Sodinokibi\u2014an alternate name for REvil\u2014utilized Kaseya\u2019s VSA tool to distribute ransomware.» REvil being able to exploit VSA in another ransomware campaign more than two years later is a testament to the hacking group’s prowess, the veracity of these former employees’ claims that Kaseya didn’t prioritize the security of its products, or both. President Joe Biden said on July 3 that he ordered U.S. intelligence agencies to investigate the attack on Kaseya’s customers for possible connections to the Russian government. REvil then demanded $70 million in Bitcoin in exchange for a key that could be used to decrypt the files of all the companies affected by this campaign.<\/p>\n