Executives at Miami-based software company Kaseya were reportedly warned of critical flaws in its software before a ransomware attack this month that affected as many as 1,500 companies, according to former employees.
Bloomberg reports that according to former employees of the software firm Kaseya, executives were repeatedly warned of critical security flaws in its software before a ransomware attack this month that affected 1,500 companies. Employees claim that on several occasions from 2017 to 2020, employees at Kaseya’s offices in the U.S. claim to have flagged wide-ranging cybersecurity concerns to company leaders.
But these issues were allegedly not addressed according to workers employed at the time in software engineering and development at Kaseya. The former employees claim that one of the biggest issues was software underpinned by outdated code, the use of weak encryption and passwords in Kaseya’s products and servers, and a failure to adhere to basic cybersecurity practices.
A Kaseya spokesperson declined to address the accusation, citing the company’s policy of not commenting on matters involving personnel or the ongoing criminal investigation of the hack.
One of Kaseya’s tools was subverted allowing hackers to shut down hundreds of businesses worldwide. Most of these businesses were small or mid-sized — including dentist practices and accounting firms — but in Sweden, hundreds of supermarkets were forced to close as their cash registers became inoperative. In New Zealand, many schools and kindergartens were taken offline.
The attack was reportedly perpetrated by an affiliate of the notorious REvil hacking group which is best known for extorting $11 million from the meat-processor JBS. The group initially began demanding ransoms of up to $5 million to unlock the affected systems; but late on Sunday, the group posted a universal decryptor software key for sale on its dark web page. The key costs $70 million.
One former Kaseya employee said that in early 2019 he sent company leaders a 40-page memo detailing security concerns and was fired around two weeks later. Another employee said that Kaseya rarely patched its software or servers and stored customers’ passwords in clear text — meaning they were unencrypted — on third-party platforms.
Former employees said that they warned executives that Kaseya’s Virtual System Administrator software, known as VSA, was so outdated and filled with bugs that it should be replaced. The VSA was the vehicle that REvili used to stage its attack.
Read more at Bloomberg here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com