The United States Federal Bureau of Investigations, the Cybersecurity and Infrastructure Security Agency (CISA) and multiple media outlets have reported a supply-chain ransomware attack exploiting a vulnerability in Kaseya VSA software.
On Friday, July 2nd, Kaseya, notified customers and posted a notice on their website regarding a possible attack against their VSA Software product. VSA is a unified remote-monitoring and management tool for handling networks and endpoints. It is primarily used by MSSP (Managed Security Service Provider) and enterprise clients.
Who is at Risk
Organizations that have either a Kaseya VSA server on-premise or that are managed remotely by a Managed Services Provider (MSP) that uses a VSA server.
Who’s behind the attack
An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said. REvil’s reported offer of a blanket decryption for all victims of the Kaseya attack in exchange for $70 million suggests an inability to cope with the sheer quantity of infected networks, said Allan Liska, an analyst with the cybersecurity firm Recorded Future. Although analysts reported seeing demands of $5 million and $500,000 for bigger targets, it was apparently demanding $45,000 for most.
How to protect/defend against this attack:
What if you suspect unauthorized access?
Contact Risk Strategies and our breach response experts by email or by calling (844) 979-0265
References & Additional information
Kaseya ransomware supply chain attack: What you need to know, ZDnet, 7/85/21
Weekend sees single biggest global ransomware attack on record, Associated Press, 7/5/21