Hundreds of organizations were successfully targeted through a coordinated ransomware attack that hijacked widely used IT MSP software: Kaseya VSA. According to the software vendor, attackers changed the software tool to encrypt the files of IT MSP customers simultaneously. Kaseya shut down some of its infrastructure in response and that it has urged organizations that have VSA on their premises to immediately turn off the servers. Meanwhile, impacted organizations are left with ransom demands has high as seven-figures.
This Supply Chain Risk is a growing threat. Though at the moment only the VSA tool is known to be an issue, it is not known how the attackers were able to change the code nor if Kaseya has an ongoing breach of their network. Further, Kaseya has a history of its tools being used to spread ransomware.
Kaseya is not alone however in this risk. Texas-based SolarWinds had a similar wide-impacting event earlier this year. With the rapid increase in these attacks, BW Cyber recommends you ensure you have backups of all critical business data. Further, confirm with your IT support staff that the backups are tested and in alignment with many cybersecurity regulations, ensure the backup test is documented.
How BW Cyber Services Can Help
If you need assistance in performing a forensic investigation or if you have further questions, BW Cyber Services’ Digital Forensics and Incident Response team can help. For more information we can assist, please contact us at firstname.lastname@example.org.