Before Ransomware Attack, Kaseya Was Warned of 'Critical' Security Flaws, Ex-Employees Say

'The giant ransomware attack against Kaseya might have been entirely avoidable,' writes Engadget:

Former staff talking to Bloomberg claim they warned executives of 'critical' security flaws in Kaseya's products several times between 2017 and 2020, but that the company didn't truly address them... Employees reportedly complained that Kaseya was using old code, implemented poor encryption and even failed to routinely patch software. The company's Virtual System Administrator, the remote maintenance tool that fell prey to ransomware, was supposedly rife with enough problems that workers wanted the software replaced.

One employee claimed he was fired two weeks after sending executives a 40-page briefing on security problems. Others simply left in frustration with a seeming focus on new features and releases instead of fixing basic issues. Kaseya also laid off some employees in 2018 in favor of outsourcing work to Belarus, which some staff considered a security risk given local leaders' partnerships with the Russian government.

Kaseya has declined to comment...

The company's software was reportedly used to launch ransomware at least twice between 2018 and 2019, and it didn't significantly rethink its security strategy.



Engadget adds the Kaseya's software 'was reportedly used to launch ransomware at least twice between 2018 and 2019, and it didn't significantly rethink its security strategy.'

Read more of this story at Slashdot.