On Friday, Jul 2nd, right before the long weekend, many MSPs across the world were hit by a supply chain attack orchestrated by the REvil ransomware group. The attack was executed using an RMM tool called Kaseya VSA, a popular one among the IT and MSP community.
Kaseya VSA is a remote monitoring and management tool that helps IT admins and MSPs to remotely manage their computers, servers and network devices from one single console with features like automated patch management, client device management, remote control, software deployment, custom scripts and more.
The Kaseya VSA supply chain attack was sneaky, as REvil ransomware was secretly deployed to exploit and encrypt the systems. The Huntress team first identified the threat on Reddit and started updating the MSP Reddit community about the attack. Launching ransomware right before a long weekend has always been the pattern these threat actors employ, and supply chain attacks have now become a common attack vector for breaching RMM solutions. A similar attack was launched at SolarWinds recently, and it had a huge impact on many businesses. The Sodinokibi ransomware group, now called the REvil ransomware actors, was behind the attack. And this is the ransom note that was sent out:
This Kaseya VSA supply chain attack seems to have impacted 8 MSPs already, all of them on the SaaS server. Three of Huntress' partners were also affected by this attack, potentially impacting 200 businesses already.
It wasn’t a Happy Independence Day for US techies today: they are already going through a massive outage, as Kaseya requested its customers to shut down the VSA server until further notice. Kaseya itself was quick to respond to the incident and is already planning to release a patch to fix the vulnerability.
Here’s what the CEO of Kaseya, Mr. Fred Voccola, has to say about the incident:
While our early indicators suggested that only a very small number of on-premises customers were affected, we took a conservative approach in shutting down the SaaS servers to ensure we protected our more than 36,000 customers to the best of our ability. We have received positive feedback from our customers on our rapid and proactive response.
While our investigation is ongoing, to date we believe that:
Our SaaS customers were never at-risk. We expect to restore service to those customers once we have confirmed that they are not at risk, which we expect will be within the next 24 hours;
Only a very small percentage of our customers were affected – currently estimated at fewer than 40 worldwide.
We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it for our on-premises customers that will be tested thoroughly. We will release that patch as quickly as possible to get our customers back up and running.
I am proud to report that our team had a plan in place to jump into action and executed that plan perfectly today. We’ve heard from the vast majority of our customers that they experienced no issues at all, and I am grateful to our internal teams, outside experts, and industry partners who worked alongside of us to quickly bring this to a successful outcome.
Today’s actions are a testament to Kaseya’s unwavering commitment to put our customers first and provide the highest level of support for our products.
Fred Voccola,
CEO
Kaseya
Read more about Kaseya’s statement here.
Proactive and reactive security can only take you halfway, as these incidents aren’t a matter of ‘if’ but of ‘when’. So always prepare for the worst with the best tools, policies, configurations and skills you have.
We’ll soon write some best security practices to keep your RMM tool safe and secured for your business.