What is your call to action for the 50 Kaseya MSPs that were hit directly by this attack?
The call to action at the end of the day is take control of your business. The amount of companies that are waiting for Kaseya to pay for the decryptor or waiting for an all clear is not acceptable. Your (legal) counsel and you have to take control of your business. It is not Kaseya’s business. It is yours. What is killing me is even though I agree they need to leave their servers offline and wait for the patches are there. But you can’t wait to restore your clients. There is some extra liability that people might take with the approach that I have shared. That is why I said make this decision with your customers.
We are aware of over 30 MSPs that have been impacted. My gut feeling is the number will be in the low 50s to 60s of total MSPs that shakes out by the end of this. We have already confirmed over 30.
We stopped counting at over 1,000 businesses impacted by this. On average, MSPs have about 30 customers. We do believe that it is going to be in the low thousands of businesses impacted by this. Probably under 10,000 businesses would be my educated guess at this point.
Let’s call it 2,000 businesses that are encrypted right now. That is 2,000 businesses that need their MSPs to restore confidence, that need their MSPs to get them back up and running. Because at least in the U.S., tomorrow begins the work week and they are going to need functional networks. It is just really killing me to see people wait.
How has Kaseya done with regard to communication on the attack?
I am glad with the communication that Kaseya has been giving. Huntress has worked with Kaseya on two past events. One was a ransomware exploit that attacked a plug in in VSA. The other one was another exploit in VSA that deployed cryptocoin mining.
Kaseya has been way more transparent and collaborative on this one. However, I wish they would communicate better with their customers. I wish they could communicate better with the partners.
People really are waiting for Kaseya to give them the all clear. I just don’t believe it is going to happen. Why is Kaseya the authority on when you decide to restore your customers? Obviously they have inside scoop. But you have got to take control of your business.
There is an old ProPublica article written by Renee Dudley that labels MSPs as ransomware enablers because of this exact same issue. If we thought that was bad in 2019 wait until you see what happens from this. This is everywhere. Every article especially with the political angle here is talking about MSPs being the supply chain vulnerability.