July 06, 2021
You are about to leave Risk Strategies website and view the content of an external website.
You are leaving risk-strategies.com
By accessing this link, you will be leaving Risk Strategies website and entering a website hosted by another party. Please be advised that you will no longer be subject to, or under the protection of, the privacy and security policies of Risk Strategies website. We encourage you to read and evaluate the privacy and security policies of the site you are entering, which may be different than those of Risk Strategies.
The United States Federal Bureau of Investigations, the Cybersecurity and Infrastructure Security Agency (CISA) and multiple media outlets have reported a supply-chain ransomware attack exploiting a vulnerability in Kaseya VSA software.
What Happened
On Friday, July 2nd, Kaseya, notified customers and posted a notice on their website regarding a possible attack against their VSA Software product. VSA is a unified remote-monitoring and management tool for handling networks and endpoints. It is primarily used by MSSP (Managed Security Service Provider) and enterprise clients.
Who is at Risk
Organizations that have either a Kaseya VSA server on-premise or that are managed remotely by a Managed Services Provider (MSP) that uses a VSA server.
Who’s behind the attack
An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said. REvil’s reported offer of a blanket decryption for all victims of the Kaseya attack in exchange for $70 million suggests an inability to cope with the sheer quantity of infected networks, said Allan Liska, an analyst with the cybersecurity firm Recorded Future. Although analysts reported seeing demands of $5 million and $500,000 for bigger targets, it was apparently demanding $45,000 for most.
How to protect/defend against this attack:
What if you suspect unauthorized access?
Contact Risk Strategies and our breach response experts by email or by calling (844) 979-0265
References & Additional information
Kaseya ransomware supply chain attack: What you need to know, ZDnet, 7/85/21
Weekend sees single biggest global ransomware attack on record, Associated Press, 7/5/21
The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client.