the case in December 2013, just a month after
they filed it. It’s not clear how it was settled.
Kaseya is privately held.
LinkedIn profiles for Sutherland and Wong list
them as retired, with Sutherland also growing
wine grapes. Blackie went on to become CEO of
another Miami-based provider of remote-control
software, Pilixo, where he was joined by McMullen.
Pilixo didn’t return a request for comment.
New vulnerabilities affecting Kaseya’s VSA
— including the one exploited by the REvil
ransomware gang — were discovered this year by
a Dutch cybersecurity research group that says it
confidentially warned Kaseya in early April. “In the
wrong hands, these vulnerabilities could lead to
the compromise of large numbers of computers
managed by Kaseya VSA,” the Dutch Institute for
Vulnerability Disclosure said in a blog post last
week explaining the timeline of its actions.
Some of those Kaseya fixed by May, including
another SQL injection flaw, but the Dutch
group said others were still unpatched when
ransomware started hitting hundreds of
businesses in early July. Kaseya has said up to
1,500 businesses have been compromised as a
result of the attack. Kaseya rolled out patches
to the vulnerabilities used in the REvil attack.
Moussouris said there’s a pattern of
ransomware syndicates going after easily
detectable software flaws.
“It’s collective technical debt around the world
and the ransomware gangs are technical debt
collectors,” she said. “They’re coming after
organizations like Kaseya” and others that
haven’t invested in better security.