Had REvil not lowered the ransom price, if the ransom were honored, it would have been the highest-paid ransom to date. Another issue to consider is the scope of the attack and the hundreds of organizations affected because of how many MSPs rely on Kaseya VSA to manage the workstations and servers of their customers. As more information comes down from the multiple incidents being responded to, it is important for MSPs and their clients to consider together how to best limit the potential for harm that is inherent in any trusted remote administration of resources. For example, instead of adding all of the folders where the MSP’s management software runs to an antivirus exclusion list, it may be more useful to profile the expected activity of the management software and allow specific actions, but not open the door to allowing virus-like behavior or at least alert and quickly respond to stop further harm. Managed Service Providers can provide more value to their clients by integrating security operations or partnering with a security provider to monitor for anomalous behavior and halt malicious activity—including suspicious actions taken by the MSP’s management software itself.

https://therecord.media/revil-gang-asks-70-million-to-decrypt-systems-locked-in-kaseya-attack/