Former staff of US software vendor Kaseya said they warned the company about potential security problems prior to the supply chain attack that caused a mass ransomware event affecting over 1,000 other organisations.
Speaking anonymously to Bloomberg, five ex-Kaseya employees – including software engineers and developers – said they had raised cybersecurity issues with executives at the company but were ignored.
Less than two weeks ago, the REvil ransomware group hacked Kaseya to send out ransomware using the company’s remote monitoring and management software, Kaseya VSA, which is used by managed service providers (MSPs) to help their clients with IT services.
REvil orchestrated a supply chain attack on Kaseya VSA to push out malware disguised as a software update, using the high privileges afforded to this trusted software to infect a wide range of organisations around the world.
One of the former staffers who spoke to Bloomberg said he penned a 40-page memo about security problems at the company and sent it to Kaseya's leadership; he was fired a fortnight later.
Existing security problems at the company allegedly included outdated code in the company’s software, poor encryption and password management – such as storing passwords in plain text – in Kaseya products, and a generally poor cyber security posture.
Some employees had quit Kaseya because of the management problems and what Bloomberg described as “frustration that new features and products were being prioritised over fixing problems”.
Further staff were sacked after a 2018 restructure saw Kaseya outsource software development to Belarus, where it hired 40 developers.
The ex-employees said they saw the move to Minsk as another potential security concern given the country’s close political ties to Russia.
REvil is understood to be one of many ransomware groups operating in Eastern Europe.
REvil runs an affiliate program hiring hackers to deliver its malware and has long been careful to make sure its ransomware doesn’t land on Russian and former Soviet Union systems, since doing so would risk the group’s tacit protection from local authorities.
The ransomware targeting Kaseya and subsequent organisations was written to check for and avoid Russian-language keyboard layouts.
US President Joe Biden and Russian President Vladimir Putin had an hour-long phone call last week discussing the ongoing scourge of ransomware that Putin apparently turns a blind eye to.
“I made it very clear to him that the United States expects, when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden said, adding he was “optimistic” after the talk.