Loading table of contents...
Reports are surfacing on multiple ransomware events resulting from supply chain attacks of Kaseya VSA, a cloud-based platform used in managed service provider (MSP) environments.
Details
- Kaseya released an Important Notice on July 2nd, 2021 stating it is experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only as of 2:00 PM EDT.
- Initial reports indicate that an apparent auto-update in the product has delivered REvil ransomware. By design, it has administrator rights down to client systems, which means that Managed Service Providers who are infected then infect their client’s systems. Delivery appears to be via an automated software update in Kaseya.
- The company is in the process of investigating the root cause of the incident but they recommend immediately shutting down your VSA server until you receive further notice from them.
Recommendations
- We recommend following Kaseya's advice and shutting down your VSA server until further notice.
- We are tracking reports on the ransomware incident affecting Kaseya and assessing the impact potential on our clients.
References
