IT and Business Insights for SMB Solution Providers

Kaseya on VSA Ransomware Attack: It’s Embarrassing

Speaking at the vendor’s ConnectIT event today, CEO Fred Voccola (pictured) said Kaseya let users down by failing to prevent attackers from breaching its RMM solution, but is investing heavily in efforts to prevent future attacks By Rich Freeman

Fred Voccola can sum up the ransomware strike that shut down Kaseya’s VSA remote monitoring and management solution last summer in two predictable and entirely understandable words.

“It sucked,” said Voccola, Kaseya’s CEO, in a keynote this morning at the company’s ConnectIT event in Las Vegas. “It sucked for everybody in this room who is using our RMM.”

For those users, the incident sucked because it left them without a critical tool for over a week. For Kaseya itself, the $12 to $14 million hit on the company’s bottom line only begins to describe why it sucked.

“It’s embarrassing,” Voccola told his audience this morning. “It’s our job to figure out how to live up to our commitments and we let this group down, and we take that very seriously.”

That said, Voccola continued, Kaseya can take at least some pride in the way it handled the crisis. For one, just 56 of its roughly 37,000 customers had their data encrypted.

“That’s 56 too many,” Voccola said, “but there’s only 56.” None of those organizations had any data exfiltrated either, he noted

Kaseya also acquired a decryption key for the attack and distributed it immediately, Voccola added. Contradicting media reports from earlier this year, Voccola insisted that Kaseya didn’t give REvil, the cybercrime organization responsible for the VSA attack, money in exchange for that key.

“Kaseya didn’t pay a dime of ransom,” Voccola said. “That’s a fact.”

Voccola declined to specify who supplied the decryption key, but suggested it was a third party using sophisticated techniques. It was that organization’s eagerness to hide those techniques from threat actors that explains the non-disclosure agreement Kaseya made MSPs sign before receiving the key, he added.

The VSA breach, Voccola observed, is just one manifestation of a larger phenomenon impacting huge numbers of people at accelerating rates. Indeed, 64% of U.S. IT decision makers surveyed by security vendor ThycoticCentrify for a research study published yesterday have been hit by ransomware in the last 12 months. Global damages from ransomware will total $20 billion this year, according to Cybersecurity Ventures, and reach $265 billion by 2031.

“This is an existential threat to our way of life, and it’s been amplified substantially over the last 18 months,” Voccola said today.

Overwhelmed law enforcement agencies, insufficient spending on cybercrime-fighting efforts, and easy access to “anonymous currencies” like Bitcoin ensure that attacks on RMM makers and other high-profile targets will continue, he added, as do the light penalties cybercriminals pay.

“Relative to the amount of financial gain you can make, it’s a slap on the wrist,” Voccola said.

VSA emerged from the July incident more secure than before thanks to the extensive scrutiny it’s received from security researchers, according to Mike Puglia, Kaseya’s chief customer marketing officer, in a ConnectIT keynote.

“It has had a lot of eyes on it, for better or worse,” he said. “We’ve made a lot of improvements and I feel extremely confident that nobody else has undergone [more] interrogation by people over the last three months.”

About the Author

Rich Freeman's picture

Rich Freeman is ChannelPro's Founding Editor

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.