Kaseya Platform Targeted in Large-Scale Global Ransomware Attack
Over the holiday weekend, the notorious cybercrime group REvil successfully launched a ransomware attack targeting Managed Service Providers (MSPs). This unprecedented hack triggered an infection chain that compromised a massive global supply chain, with reports showing at least 1,000 businesses across 17 countries affected.
The attack reportedly started by exploiting vulnerabilities found in software tool provider Kaseya’s Virtual Systems Administrator (VSA) platform. Although Kaseya stated the initial attack was limited to fewer than 40 of its customers, the reach of this attack could be quite significant. MSPs are organizations that provide IT infrastructure or device-centric maintenance services for their customers, which could range from a dozen to several hundred companies. Targeting MSPs allows attackers to potentially gain access to hundreds of companies at once, instead of having to compromise each one separately. Ross McKarchar, Chief Information Security Officer at Sophos, stated, “This is one of the farthest-reaching criminal ransomware attacks that Sophos has ever seen.”
Attackers from the REvil group are now claiming that more than 1 million systems are affected and are demanding $70 million in ransom for the global decryption key. Read more about the Kaseya ransomware attack in the full article from Forbes.
The White House National Security Council also released a statement Sunday urging anyone who believes their systems may be compromised by the Kaseya ransomware incident to immediately shut down their VSA servers and implement the mitigation techniques provided by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). Read the CISA-FBI guidance here.