USA +1 855 726 4878  |  BR +55 11 3069 3925 

Understand the Cyberattack that Affected Kaseya

by | Sep 24, 2021 | BLOG

On July 2, a Russian group of hackers exploited a flaw in the Kaseya company’s management software, affecting its systems and causing problems for it and its customers.

The massive cyberattack affected around 1,500 businesses in 17 countries. The attackers promised to return access to the data in exchange for 70 million dollars, equivalent to 364 million reais.

Hackers promised to release a decryptor so that all files could be recovered in at least an hour after paying the ransom.

Known as “REvil”, the organization claimed responsibility for the virtual attack on Kaseya. It was also responsible for the invasion that halted production at JBS, the world’s largest meat processor, in June this year.

Domino Effect

Headquartered in Florida, United States, Kaseya is responsible for the remote monitoring and management program used by more than 40,000 companies. Of these, only 60 were directly affected by the cyberattack.

However, as many of Kaseya’s customers provide services for other businesses, the systems are interconnected in a network.

This connection resulted in a domino effect, as the installed malware quickly spread and encrypted the files it found along the way.

The supermarket chain Coop, in Sweden, had to suspend the operation of its stores because it was unable to use the cash register system, which was managed by one of Kaseya’s client companies.

How Did the Invasion Take Place?

The type of virus was ransomware that can encrypt computer files. Access is only granted upon payment of a ransom to the hacker, that is, it is like a data hijacking in the digital world.

In this type of cyberattack, ransomware infiltrates frequently used software and spreads as systems are updated.

Encryption is the practice of encoding data, causing it to no longer have the original format and, therefore, no longer be readable by its owners.

Files can only be decrypted and returned to their original format through the use of a specific decryption key. It is for this key that Russian hackers ask for the ransom, as without it the data becomes useless.


This can be considered the biggest cyber-attack with ransomware of all time, as it reached a proportion never seen before in similar cases.

Kaseya asked customers using its system administration platform, VSA, to immediately shut down their servers to try to prevent the possibility of their information being captured by the cyberattack.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Agency (CISA), among other US officials, assisted in the investigations.

US President Joe Biden has warned Russian leader Vladimir Putin to take action against hackers who have been operating in Russia for a long time.

On July 12th, Kaseya has reported that it had fully recovered the servers. These attacks are an increasingly profitable way to take hostages in the virtual universe.

How Does the Russian Group Operate?

REvil, also called Sodinokibi, is one of the best-known hacker gangs today. It operates with dozens of individuals in a “professional” regime with the division of tasks.

While one part of the group invades the systems, the other is responsible for constantly maintaining the ransomware, managing the group’s financials, and negotiating the rescue of the data with the victims.

Hackers drive the attack into double extortion mode, which occurs when Internet hackers take control of the network, extract important and sensitive data, and activate ransomware that encrypts victims’ data.

Then, they ask for a ransom in cash or bitcoins so that they return control of the data and do not disclose the information obtained illegally.

The group explored a series of “zero-days” in the product that allows it to bypass its authentication, arbitrarily upload files, and install pirated software.

With this, they can use a series of tactics and tools to move around the network and have access to all the files that are present.

A tool from Kaseya itself may have been used to take control of the system and activate the malicious software, as it has high-level access privileges on the machines, passing in an authorized way through antivirus.

The exact form used by the group is still unknown, however, the flaws of the American company’s protection to its systems became clear.


Are you enjoying this post? Join our Newsletter!

7 + 7 =

We will send newsletters and promotional emails. By entering my data, I agree to the Privacy Policy and the Terms of Use.

$13 million growth investment drives senhasegura’s expansion in North America and the Middle East

Written by Priscilla Silva São Paulo, March 10, 2023 - senhasegura, an award-winning Privileged Access Management (PAM) solution provider that protects corporate IT environments and critical resources from cyber threats, announces a $13 million funding round from...

senhasegura wins CyberSecured 2022 award as best PAM solution in the USA

Written by Priscilla Silva SÃO PAULO, February 28 of 2023 - The 2022 edition of the CyberSecured awards, promoted by Security Today magazine, a brand of 1105 Media's Infrastructure Solutions Group, elected senhasegura as the winner in the Privileged Access Management...

How User and Entity Behavior Analytics Helps Cybersecurity

Cyberattacks are increasingly sophisticated, making traditional digital security tools insufficient to protect organizations from malicious actors. In 2015, Gartner defined a category of solutions called User and Entity Behavior Analytics (UEBA).Its big advantage is...

Best Practices for Consolidating Active Directory

This article was developed especially for you, who have questions about the best practices for consolidating Active Directory. First of all, you need to understand that directory services have the role of organizing important information for companies in a centralized...

senhasegura introduces the “Jiu-JitCISO” concept to show the power of Brazilian cybersecurity

Written by Priscilla Silva São Paulo, January 13, 2023 - "Like Jiu-Jitsu senhasegura is about self-defense. Every company must know how to protect itself and its clients". This is the aim based on the philosophy of the Japanese martial art, but made popular and...