After Kaseya Hacker’s Sentence, Progressive Computing’s CTO Regains His Power
“I've been trying to take everything that's been negative about this and … turn it into some sort of positive,” Robert Cioffi said in an interview.
Robert Cioffi, chief technology officer and co-founder of Progressive Computing, one of the MSPs hit in the 2021 Kaseya ransomware attack, traveled about 1,500 miles from his home in Yonkers, N.Y., to see one of the admitted hackers receive punishment.
Cioffi (pictured above) experienced a range of feelings in that Dallas courthouse during the sentencing of Yaroslav Vasinskyi – a 24-year-old Ukrainian national who, to Cioffi, looked closer to 14 and “120 pounds wet,” wearing an orange jumpsuit, shackled at the wrists and ankles.
He felt numbness over the nearly three years that had passed since the attack. He felt humbled when Judge Karen Gren Scholer mentioned Cioffi by name and referenced his victim impact statement. And Cioffi felt resentment at Vasinskyi and the damage he caused.
Cioffi told CRN in an interview Thursday that while he can’t ignore those angry feelings, it’s “what I choose to do with them,” that counts. “I've been trying to take everything that's been negative about this and trying to turn it into some sort of positive.”
[RELATED: Accused Kaseya Ransomware Attacker Sentenced To 13-Plus Years]
Kaseya Ransomware Attack
The U.S. Department of Justice declined to comment outside of a statement released Wednesday about Vasinskyi’s sentencing.
In an email to CRN, Stephen Green, an attorney for Vasinskyi, said that the defendant originally faced a sentence of 1,380 months, 115 years.
“The government advocated for a sentence well above the final outcome,” Green said. “While Mr. Vasinskyi will be facing a serious sentence of 163 months, we are pleased to see that we could achieve a more just outcome for his case.”
After the sentencing, Cioffi took to LinkedIn to share his first thoughts in a post and video. While he would’ve welcomed a larger sentence, he still saw Wednesday as “a massive victory for all of us – the MSP community, countless businesses that we serve and our national interests,” he said. “It tells the world that although you may be hiding behind protective borders of enemy states, you can still be held accountable for your crimes.”
Talking to CRN on Thursday, Cioffi said that no matter Vasinskyi’s time in prison, for Cioffi and the MSP community, the legacy of the Kaseya hack “will live on for us and for me.”
Since the 2021 attack, Cioffi has put his efforts at improving security and security response in the channel. He worked to create, and is the chair of, the CompTIA Emergency Response Team (ERT), also known as MSP911.org, which gathers about 30 volunteers to help fellow MSPs experiencing a security incident.
Pax8’s Matt Lee serves as vice chair. Members include N-able Chief Security Officer Dave MacKinnon, Choice Cyber Solutions Compliance Officer Julie Liu, and 5K Technical Services CEO Corey Kirkendoll, according to the group’s website.
“I think we've been able to help to some degree, at least put them on the right path,” he said.
“The joke is, amongst the team, we hope the phone rings and we hope it doesn't ring at the same time.”
Cioffi has also spoken publicly about his experience with the Kaseya hack to further educate MSPs.
“I have chosen not to allow the anger and the bitterness and the frustration get the better of me,” he told CRN Thursday. “I've always just tried to focus on, how can I contribute back to the community in positive ways, so that others are either not affected by this or, should they be affected by something like this, that the blast radius and the negative effects are more contained.”
At Progressive Computing, the MSP Cioffi co-founded in 1993, the team has moved from a softer stance on customer security to more of a “tough love” approach, putting aside customers’ feelings to give directions on basic security measures needed to even work with Progressive.
Progressive has even turned away customers if their security risks are “irresponsible,” he said. If his Yonkers-based MSP can get caught up in an international cybercrime, any business can become a target.
“Anyone who tries to tell me that they're immune to this or it's not going to happen to them, I quickly splash them with a bucket of cold ice cold water and say, ‘No, no, no, no no,’” he said. “You're probably more likely a victim than those who you think are bigger and better prepared.”
“If we speak from truth and authority, and do so in a respectful way, you can get your point across,” he said. “In fact, you might actually be more successful by doing that because now you're perceived more as the subject matter expert and not just somebody who might be perceived as somebody who's just trying to sell you something.”
On Thursday, the day after sentencing, Cioffi went back to working with clients, talking to his colleagues, taking a meeting for a business opportunity.
“This particular branch of the story is sort of done – that wound is cauterized,” he said. “If I can be that agent of change, if I could be the person who helps somebody else get through an incident a little bit better – then to me, that's how I regain my power.”