Researchers warned Kaseya April 6 about one of the vulnerabilities that REvil ended up exploiting nearly three months later in a crippling ransomware attack.
The Dutch Institute for Vulnerability Disclosure (DIVD) said that researcher Wietse Boonstrain in April discovered seven vulnerabilities in Kaseya’s VSA remote monitoring and management product and notified the New York- and Miami-based IT service management vendor about the flaws less than a week later. Eighty-seven days later, REvil took advantage of a flaw flagged by DIVDthat still wasn’t resolved.
“Last weekend, we found ourselves in the middle of a storm,” DIVDresearcher Frank Breedijk wrote Wednesday. “A storm created by the ransomware attacks executed via Kaseya VSA using a vulnerability which we confidentially disclosed to Kaseya. … Unfortunately, the worst-case scenario came true.”
Kaseya Was Warned In April Of Vulnerability Exploited By REvil Gang crn.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from crn.com Daily Mail and Mail on Sunday newspapers.