Important Kaseya Notice! Turn VSA Off. Now. Ransomware. Updated



kaseyaSaturday morning July 3: They were hit with a REvil ransomware attack it looks like.  Friday July 2 at 11pm they said:

  1. ALL ON-PREMISE VSA SERVERS SHOULD CONTINUE TO REMAIN DOWN UNTIL FURTHER INSTRUCTIONS FROM KASEYA ABOUT WHEN IT IS SAFE TO RESTORE OPERATIONS. A PATCH WILL BE REQUIRED TO BE INSTALLED PRIOR TO RESTARTING THE VSA.

  2. SAAS & HOSTED VSA SERVERS WILL BECOME OPERATIONAL ONCE KASEYA HAS DETERMINED THAT WE CAN SAFELY RESTORE OPERATIONS.

This widespread ransomware attack is affecting hundreds of businesses per the Washington Post. Their article about this is herePlease get the word out to colleagues you know that use Kaseya.  Shutdown must be done immediately, the company said, because “one of the first things the attacker does is [shuts off] administrative access to the VSA.”  NOTE: KnowBe4 does not use any Kaseya products or services and we are not affected at all by this attack.

Monday Morning July 5: The press is all over this. The damage is hard to estimate because they hit dozens of MSPs.  Looks like R#Evil exploited a vulnerability that had been disclosed {CVE-2021-30116} and one that Kaseya was working on to fix, but too late.

Coindesk reports that REvil wants $70 million dollars from 200 US firms.  More about this at ZDNet. They say the 70M is for a universal decription key.  Associated Press looks at this from the cyber insurers perspective and the picture ain't pretty

Tuesday Morning July 6: Technically this was a 0-day. Bleepingcomputer has some background.  You wonder how REvil got their hands on it, but researchers said it was simple to exploit. 

Tuesday Afternoon July 6: NEW Former hacker Kevin Mitnick on the latest global ransomware attack.
https://www.cnbc.com/video/2021/07/06/former-hacker-kevin-mitnick-on-the-latest-global-ransomware-attack.html?&qsearchterm=kevin%20mitnick

Wednesday Morning July 7:  Kaseya NOT able to bring its service online after CEO vowed it would be back within 'hours'. Company said that an issue was discovered that has blocked the release.  And of course there are malware campaigns that are jumping on this, offering a malicious download to fix the Kaseya problem.

Thursday Morning July 8: Kaseya left customer portal vulnerable to 2015 flaw in its own software Story at Krebs. 

Friday Morning July 9:  WIRED Mag has a great backgrounder: "The Unfixed Flaw at the Heart of REvil’s Ransomware Spree. 

Tuesday Morning July 13: Here is a good wrap-up by ZDNet.

Friday Morning July 23:  Kaseya obtains universal decryptor key for recent REvil ransomware attacks

Monday July 26: Kaseya Says It Did Not Pay Ransom to Obtain Universal Decryptor. Story Here:
https://www.bankinfosecurity.com/kaseya-says-did-pay-ransom-to-obtain-universal-decryptor-a-17144

 


Topics: Ransomware



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews