The Kaseya cyberattack affected individual computers in businesses across the country, racking up a $70 million ransom. Frustratingly, that headache could have potentially been avoided had Kaseya higher-ups listened to staff concerns.
Kaseya staff tried to warn the company about security issues for years. According to Bloomberg, staff complained that Kaseya “used outdated code, implemented poor encryption, and didn’t routinely patch its software and servers.” Employees also reported the company’s Virtual System Administrator software, which the hacker group REvil used to execute their attack.
One employee even sent senior staff a 40-page memo detailing these failings, and was fired just two weeks later. That employee claims the two events were connected. Other employees simply quit due to inaction.
These complaints started in 2017, four years before the attack took place. Had Kaseya listened to its staff, and implemented fixes to its system (especially the the Virtual System Administrator software), this ransomware attack might never have happened.
