Channel partners, Breach, MSSP, Ransomware

MSSP Alert Live: Rising from the Ashes of a Mass-Scale Ransomware Attack

Cybercrime, piracy and data theft. Network security breach. Compromised computer showing skull and bones symbol. Digital 3D rendering concept.
Robert Cioffi, CTO, Progressive Computing
Robert Cioffi, CTO, Progressive Computing

What happens when hackers use an MSP's remote monitoring and management (RMM) software to install ransomware across its customer base? How does an MSP survive such an incident, both in terms of technology and in terms of business impact?

To find out, ask Robert Cioffi, the co-founder and CTO of Yonkers, New York-based MSP Progressive Computing.

Cioffi will share the full story of Progressive's ransomware attack and how his MSP made it through the darkest hours of the crisis during a keynote address at MSSP Alert Live, October 9-11 at the Capital Hilton in Washington, D.C.

Register here for this event where you will hear all the details of Cioffi's story of survival. The event will also feature sessions on disaster preparation, incident response, cybersecurity technologies for your MSSP stack, business growth strategies, and prepping-your-business-for-sale advice, among other topics.

Cioffi's Progressive Computing was one of the victims of the Kaseya VSA supply chain cyberattack that took place July 2, 2021. Initially, the attack devastated Progressive. But Progressive battled back and has risen from the ashes to become stronger and more resilient.

"I Really Thought Somebody Had Died"

Progressive was using Kaseya VSA to manage its customers' systems, Cioffi said in a Tigerpaw Radio podcast. These systems included 2,500 endpoints and 250 servers across 80 customers. They were utilized at 200 sites in four time zones.

Everything changed around noon on July 2, 2021. That's when Progressive's director of operations told Cioffi the news about the cyberattack.

"My director of operations came upstairs. I was in the kitchen. He was white as a ghost, shaking really had a terrible look on his face. I really thought somebody had died," Cioffi recalled. "He told me that all of our customers were ransomwared. And when he said that to me, it just didn't make any sense."

"I'm a Fixer"

As an IT professional who has started an IT business, Cioffi views himself as a "fixer," he said. Even though the Kaseya VSA cyberattack was a "frightening experience," he noted, he wanted to find a way to fix the issue and prevent it from happening once again.

Rather than walk away from the problem or try to ignore it, Cioffi embraced the opportunity to resolve the issue and help his customers in any way possible. This ultimately represented an opportunity for Cioffi to bring the Progressive team together and put the MSP's culture and core values into action.

"This was a great moment in time in which our culture and our core values had really become an important element in our survival," he said.

"I Was So Humbled"

Cioffi and his team reached out to members of the MSP community. They wanted to tell other MSPs, many of whom also used Kaseya VSA, about the attack before it was too late.

Within days, dozens of IT companies offered to help Progressive. These companies spent weeks with Progressive to help the MSP rebound from the cyberattack.

"I was so humbled by the response of the community because more and more people began showing up here," Cioffi said.

"Prepare to Be Frightened and Inspired"

"This is a personal story. A human story. An emotional story. Prepared to be frightened and inspired," Cioffi said.

MSSP Alert Live takes place October 9-11, 2023 in Washington, D.C. Click here to register.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.