The software company linked to a huge ransomware spree that was initiated last week and has hit hundreds of organizations across the globe was notified in early April of a cybersecurity vulnerability used in the attack, according to the Dutch security researcher group that discovered the issue.
Kaseya Ltd., a Miami-based software supplier that supports technology-service providers manage computer networks, was told of a serious cybersecurity hole in its Kaseya VSA software on April 6, Victor Gevers, chairman of the Dutch Institute for Vulnerability Disclosure, stated on Wednesday. Mr. Gevers’s organization, which is a volunteer-managed security group, discovered the flaw.
“When we discovered the vulnerabilities in early April, it was evident to us that we could not allow these vulnerabilities fall into the wrong hands,” Mr. Gevers stated in a blog post. “After some deliberation, we decided that informing the vendor and awaiting the delivery of a patch was the right thing to do.”
Kaseya declined to comment on the timeline but stated that Mr. Fever’s organization “has been a great partner and we value the service they provide.”