The Kaseya Attack
The REvil gang has pulled off one of the biggest ransomware heists in years, exploiting a vulnerability in Kaseya’s on-premise VSA remote monitoring and management tool to compromise nearly 60 MSPs and encrypt the data and demand ransom payments from up to 1,500 of their end user customers.
Kaseya said the cybercriminals were able to exploit vulnerabilities in its VSA tool to pass authentication and run arbitrary command execution. This allowed REvil to leverage the VSA product's standard functionality and deploy ransomware to customer endpoints.
The cyberattack left more than 36,000 MSPs without access to Kaseya's flagship VSA product for at least four days as the company worked on a patch for the on-premises version of VSA and kept the more widely-used SaaS version of VSA offline as a precautionary measure.
How JustTech Recovered From The ‘Humungous’ Kaseya Ransomware Attack In 10 Days
“Then my background just turned white. And [my IT director] said, ‘Oh my gosh, that’s ransomware. Shut it down. Shut everything down,” says Joshua Justice, president of JustTech.
Kaseya Ransomware Attack Could Have Been Prevented: Report
Kaseya employees had sounded the alarm of critical cybersecurity vulnerabilities for years, but nothing was fully addressed before this month’s massive ransomware attack, according to a new report.
Kaseya Was Warned In April Of Vulnerability Exploited By REvil Gang
‘Last weekend, we found ourselves in the middle of a storm. A storm created by the ransomware attacks executed via Kaseya VSA using a vulnerability which we confidentially disclosed to Kaseya,’ says Dutch Institute for Vulnerability Disclosure’s Frank Breedijk.
The Channel Angle: Weighing The Risk Of Remote Monitoring and Management After The Kaseya Attack
‘Cybersecurity is table stakes for any company today, but MSPs, who provide IT and security services to many companies at once, serve as a critical leverage point for managing or amplifying risk,’ writes Ryan Heidorn, co-founder and managing director at IT services provider Steel Root.
MSP Following Kaseya Ransomware Attacks: We’re All Complicit
‘The days of any software or hardware vendors thinking about security, secondarily, are over. You just can‘t survive that way. The adversaries will find the weakest link. It’s just far too easy for them today, so I do think we have to up our game,’ says Dan Schiappa, chief product officer of Sophos.
Kaseya MSP: ‘It Sucks’ VSA Is ‘Still Down’ After Cyberattack
“We have VPN licenses that are flying out the door for those [Kaseya customers] who need it,” says one CEO of an MSP who partners with Kaseya.
Kaseya VSA Still Down Due To ‘Issue’ During Deployment
‘During the VSA SaaS deployment, an issue was discovered that has blocked the release. Unfortunately, the VSA SaaS rollout will not be completed in the previously communicated timeline,’ Kaseya said at 10 p.m. ET Tuesday.
Huntress Labs On Responding To A Cyberattack: 5 Key Steps For MSPs
‘Oftentimes your counsel or your insurance will be the ones that bring in an incident response team. Usually they do that under attorney-client privileges. And what this does is it gives you an independent, verifiable third-party player that’s going to do these things with you, not on your behalf,’ says Huntress Labs CEO Kyle Hanslovan.
10 Big Things To Know About The Kaseya Cyberattack
From the largest ransom demand of all-time to a potentially linked attack on Microsoft cloud customer apps via Synnex to how this hack was nearly avoided altogether, here are 10 things to know about the Kaseya cyberattack.
As One Kaseya MSP Negotiates Ransom Payment Following Attack, A Fellow MSP Steps Up To Help
‘They had to become boots on the ground going around to every single one of their clients and touching them manually,’ says Michael Crean, president and CEO of Solutions Granted, of a fellow MSP impacted by the attack.
Kaseya MSPs: ‘We Want To Get Out Of This Mess’
With Kaseya services still not restored as of Tuesday afternoon following Friday’s massive REvil ransomware attack, MSPs say they are getting “frustrated.”
Hackers Attack Microsoft Cloud Customer Apps Via Synnex
Synnex says the attack could be connected to REvil’s exploitation of Kaseya’s on-premise VSA tool to compromise MSPs, and didn’t respond to questions about whether the distributor uses Kaseya VSA.
Kaseya VSA SaaS Coming Back Tuesday, On-Prem Wednesday
Kaseya said it’ll make a final decision Tuesday morning about whether to bring its SaaS servers back online between 2 p.m. ET and 5 p.m. ET. The VSA on-premises patch should be available less than 24 hours later.
MSPs Provide Helping Hand To Peers Hit By Kaseya Ransomware Attack
‘The MSP community came together,’ said Huntress co-founder and CEO Kyle Hanslovan. ‘MSPs could have taken a competitive stand and said – “Let ’em burn -- that is my competitor.” But instead of kicking them while they were down, they pulled them up. That is awesome.’
Huntress CEO Kyle Hanslovan To MSPs On Kaseya Ransomware Attack: ‘Get It Together Or Go Out Of Business’
Kyle Hanslovan, the co-founder and CEO of Huntress, the threat detection provider that has played a key role in alerting MSPs to the REvil ransomware attack on Kaseya, says the time has come for MSP vendors and MSPs to ‘get it together or go out of business.’
REvil Demands Record $70M In Kaseya Ransomware Attack
‘If anyone wants to negotiate about universal decryptor – our price is $70,000,000 BTC [Bitcoin] and we will publicly publish decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour,’ REvil wrote late Sunday.
5 Takeaways On Kaseya Cyberattack From CEO Fred Voccola
CEO Fred Voccola tells CRN how Kaseya is assisting MSPs compromised in the ransomware attack, what the company must do before restoring access to its VSA tool, and why cryptocurrency poses such an immense danger to society.
Kaseya Cyberattack: End Customers Ransomed, MSPs Spared
Kaseya CEO Fred Voccola told CRN the ransomware gang sought money only from end customers rather than the 50 MSPs who had been compromised through an on-premises version of the company’s VSA tool.
Kaseya VSA Ransomware Attack Hits Nearly 40 MSPs
‘When an MSP is compromised, we‘ve seen proof that it has spread through the VSA into all the MSP’s customers. MSPs with over thousands of endpoints are being hit,’ said Huntress Senior Security Researcher John Hammond.
Kaseya Takes RMM Tool Offline Following ‘Potential Attack’
‘We recommended that you IMMEDIATELY shutdown your VSA server ... It’s critical that you do this immediately, because one of the first things the attacker does is shutoff administrative access to the VSA,’ Kaseya warned Friday afternoon.