A giant ransomware attack on Kasya may be completely avoided. The former staff spoke to Bloomberg claiming they warned the executives from “critical” security weaknesses in Kasya products several times between 2017 and 2020, but the company did not really overcome it. Many staff stop or say they release inaction.
Employees are reportedly complaining that Kasya uses old code, implements poor encryption and even fails to routinely patch software. The company’s virtual system administrator (VSA), a remote maintenance tool that dropped ransomware prey, allegedly full of sufficient problems that workers wanted to be replaced software.
One employee claimed he was sacked two weeks after sending executives to a 40-page direction of security issues. Others only frustrate with focusing on new features and releases instead of fixing basic problems. Kasya also put several employees in 2018 supporting outsourcing work to Belarus, some of the staff are considered a security risk considering the local leader partnership with the Russian government.
Keyya has refused to comment.
The company has shown signs of the desire to fix the problem. Fixing several problems after Dutch researchers showed vulnerabilities. However, it did not fix everything, and it didn’t take long before company analysts such as TrueSec found a striking weakness on the Kasya platform. This is not the first time Kaseya faces security issues. The company’s software is reported to be used to launch Ransomware at least twice between 2018 and 2019, and does not significantly rethink its security strategy.
But accurate reports may be, Kasya’s situation will not be unique. Staff at Solarwinds, Twitter and others have described security irregularities that are not repaired on time. It only makes the situation worse, your mind. It is recommended that the important parts of the American online infrastructure have been vulnerable due to neglect, and that one of the basic steps is too common.