Another Day, Another Hack Via a Private Equity Owned Software Firm

This time it's Insight Partners and its portfolio software firm Kaseya whose product allowing 200 corporations to get hacked on July 4th weekend.

Welcome to BIG, a newsletter on the politics of monopoly power. If you’d like to sign up to receive issues over email, you can do so here

First it was PE-owned Solar Winds that let hackers break in to large companies and the Federal government, including our nuclear weapons facilities. Then it was PE-owned Pulse Connect Secure that let hackers take over New York subway systems. What they don’t cut in terms of security spending they offshore, purely to generate cash.

And here we go again.

A successful ransomware attack on a single company has spread to at least 200 organizations, according to cybersecurity firm Huntress Labs, making it one of the single largest criminal ransomware sprees in history.

The attack, first revealed Friday afternoon, is believed to be affiliated with the prolific ransomware gang REvil and perpetuated through Kaseya, an international company that remotely controls programs for companies that, in turn, manage internet services for businesses.

Kaseya is owned by a private equity firm Insight Partners, and Glassdoor reviews are full of the standard ‘they don’t invest in R&D and customer relationships’ type of boiler room anger that is common with firms like this. Kaseya also has over 100 employees in Belarus, largely doing software development and testing. Offshoring security to a nation so closely intertwined with the Russian economy is… not wise.