Security News

Kaseya Ransomware: 8 Things Learned From The DOJ, FBI

Joseph F. Kovar

‘I want to make clear that we are here today because, in their darkest hour, Kaseya made the right choice. And they decided to work with the FBI. Almost immediately after they were hit, Kaseya provided the FBI with information they needed to act,“ says Lisa Monaco, deputy U.S. attorney general.

Behind The Kaseya Ransomware Attack: The Actors, Funds, And Aftermath

The U.S. Department of Justice, along with the Federal Bureau of Investigation, on Monday held a press conference in which they announced the arrest of an alleged perpetrator of the July Kaseya ransomware attack, the indictment of a second perpetrator, the recovery of $6.1 million in alleged illicit ransom payments, the support Kaseya provided that made those actions possible, and why the release of the decryptor tool by the FBI was delayed.

In the attack, Kaseya in early July was forced to take all SaaS instances of its VSA remote monitoring and management tool offline following an attack against some on-premise VSA customers.

Ransomware operator REvil, which initiated the cyber attack, a few days later demanded $70 million from Kaseya for a decryptor that could be used to decrypt the ransomware on the 1,000-plus end customers hit by the attack. The FBI eventually was able to access the decryptor tool and enable those customers to recover.

Kaseya eventually said that the REvil attack via its VSA hit 56 of Kaseya’s 37,000 MSP customers and about 1,500 of those MSPs’ end-user clients.

Law enforcement investigations of ransomware attacks are seldom resolved, and so the DOJ and FBI have a right to brag. But at the same time, they gave credit where credit was due, thanking Kaseya for its swift action in bringing the case to the FBI, and thanking international law enforcement partners, particularly in Poland, for their support.

For details on what was learned from the DOJ and FBI this week, and a few questions yet to be answered, click through the slideshow.


Learn More: Cybersecurity
Joseph F. Kovar

Joseph F. Kovar is a senior editor and reporter for the storage and the non-tech-focused channel beats for CRN. He keeps readers abreast of the latest issues related to such areas as data life-cycle, business continuity and disaster recovery, and data centers, along with related services and software, while highlighting some of the key trends that impact the IT channel overall. He can be reached at

Sponsored Post


Advertisement exit