The giant ransomware attack on Kaseya could have been entirely avoidable. Former staff talking to Bloomberg claim they repeatedly warned executives of “critical” security flaws in Kaseya’s products between 2017 and 2020, but that the company was not genuinely addressing them. Multiple staff members either resigned or said they were fired over the inaction.
Employees reportedly complained that Kaseya used old code, implemented bad encryption, and even failed to routinely patch the software. The company’s Virtual System Administrator (VSA), a remote maintenance tool that fell victim to ransomware, reportedly had enough problems that workers wanted to replace the software.
One employee claimed he was fired two weeks after sending executives a 40-page briefing on security issues. Others simply remained frustrated by the apparent focus on new features and releases, rather than solving basic problems. Kaseya also fired some employees in 2018 in favor of transferring jobs to Belarus, which some staff considered a security risk given the partnership of local leaders with the Russian government.
Kaseya declined to comment.
The company has shown signs that it wants to fix the problems. It corrected some problems after Dutch researchers pointed out the vulnerabilities. However, it didn’t fix everything, and it wasn’t long before analytics companies like Truesec found obvious flaws on Kaseya’s platform. This is not the first time Kaseya has faced security issues either. The company’s software was used to run ransomware at least twice between 2018 and 2019, and it didn’t significantly rethink its security strategy.
If the reports are accurate, Kaseya’s situation would not be unique. Staff at SolarWinds, Twitter and others described security vulnerabilities that were not corrected in time. That only makes the situation worse, mind you. It suggests that key parts of the U.S. network infrastructure are vulnerable to neglect and that these basic missteps are too common.