Kaseya supply chain attack delivers mass ransomware event to US companies

Kevin Beaumont (@Gossithedog) writes:

Kaseya VSA is a commonly used solution by MSPs — Managed Service Providers — in the United States and United Kingdom, which helps them manage their client systems. Kaseya’s website claims they have over 40,000 customers.

Four hours ago, an apparent auto update in the product has delivered REvil ransomware.

By design, it has administrator rights down to client systems — which means that Managed Service Providers who are infected then infect their client’s systems.

Read more on DoublePulsar.com

And if you’re on Twitter, read this thread and follow Kevin.

What an infected system looks like on Windows 10. Image Credit: Kevin Beaumont

Related: https://us-cert.cisa.gov/ncas/current-activity/2021/07/02/kaseya-vsa-supply-chain-ransomware-attack

About the author: Dissent

Comments are closed.