Employees Warned Kaseya Of The Potential Pwnage… But Not Only Was Nothing Done, The Company Did Other Things That Might Have Lead To Said Pwnage

If you’re the management of Kaseya, you are definitely not having a good weekend. I say that because according to Bloomberg, the giant ransomware attack against Kaseya might have been entirely avoidable. Not only that, attempts to warn the company of the the potential of pwnage were met with deaf ears, or in some cases termination of employment for those who tried to raise the alarm. And there’s more that’s worse:

Employees reportedly complained that Kaseya was using old code, implemented poor encryption and even failed to routinely patch software. The company’s Virtual System Administrator (VSA), the remote maintenance tool that fell prey to ransomware, was supposedly rife with enough problems that workers wanted the software replaced.

One employee claimed he was fired two weeks after sending executives a 40-page briefing on security problems. Others simply left in frustration with a seeming focus on new features and releases instead of fixing basic issues. Kaseya also laid off some employees in 2018 in favor of outsourcing work to Belarus, which some staff considered a security risk given local leaders’ partnerships with the Russian government.

Now the company isn’t commenting, likely because it’s in deep trouble at the moment. And if this is something that is something that can be not only validated but testified to under oath as it is highly likely that this incident will end up in court, Kaseya is screwed. It shows that SaaS companies don’t always have your best interests at heart. Which means that you should avoid SaaS products because SaaS is as dead as disco.

Leave a Reply

%d bloggers like this: