This weekend’s Kaseya VSA supply chain ransomware attack breached about 50 customers, and penetrated or directly impacted up to 1,500 downstream businesses.

About 70%, or 35, of the customers impacted by the attack are MSPs.

On July 2, internal and external sources altered Kaseya to the attack. Within an hour, the company shut down access to the software in question.

Kaseya’s MSPs manage IT infrastructure for local and small businesses with fewer than 30 employees, such as dentists’ offices, small accounting offices and local restaurants.

Demanding $70 Million

On its dark web site, ransomware group REvil claimed responsibility for the attack and said it infected more than 1 million devices. It also demanded a $70 million payment in bitcoin to allow all victims to recover within an hour.

Kaseya’s Fred Voccola

Fred Voccola, Kaseya’s CEO, called the attack “incredibly sophisticated.”

The attackers breached Kaseya VSA, just one of the company’s 27 modules. Kaseya VSA is its remote monitoring and management (RMM) service.

All of the MSPs were using the VSA on-premises product.

“Many of our customers are MSPs or IT service providers providing outsourced IT for SMBs around the world,” Voccola said. “The Kaseya MSPs manage approximately 800,000-1 million small businesses around the world. We believe that the number of small businesses managed by MSPs that are Kaseya MSPs that were penetrated with this attack or that were directly impacted by this attack was between 800 and 1,500 downstream customers. When we talk about this attack, and we talk about the breaches that have happened, for the very small number of people who have been breached, it totally sucks.”

Kaseya’s Turn

All of Kaseya’s competitors have faced cyberattacks, and it was Kaseya’s turn this past weekend, Voccola said.

The attackers breached less than .01% of Kaseya’s customers, he said. However, he said if he was one of those breached, “I’d be very, very frustrated — and you should be.”

“In the coming hours, we expect the RMM module of our platform IT Complete will come back online,” Voccola said.

Kaseya has met with U.S. government agencies including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). It also has engaged with the White House, and FireEye Mandiant.

“CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple MSPs that employ VSA software,” CISA said.

Scroll through our slideshow above for the very latest on the Kaseya cyberattack.