Dutch Security Group Claims To Have Warned Kaseya About Cyber Loophole In April: WSJ

  • The Dutch Institute for Vulnerability Disclosure claimed to have intimated software supplier Kaseya Ltd. regarding a serious cybersecurity flaw in its Kaseya VSA software on April 6, the Wall Street Journal reports.
  • The flaw reported was one of seven vulnerabilities that hackers exploited.
  • Russia’s REvil led ransomware cyberattack that began Friday was estimated to hit hundreds of primarily small and medium-sized businesses.
  • Kaseya worked to quickly issue two patches, one in April and another in May.
  • Kaseya was still working to patch its VSA software fully.
  • It was yet to resolve an unidentified issue that blocked its latest security update concerning the ransomware attack.
  • REvil sought $70 million to unlock all the affected systems. Victims were allowed to pay between $25,000 and $5 million directly to unlock their systems.
  • Kaseya estimates the total impact to be lower than 1,500 downstream businesses.
  • The Dutch security group refrained from elaborating on the vulnerabilities pending Kaseya’s patch release and installation.
Posted In: NewsTechMediaBriefsREvilWall Street Journal