IT Software Firm Kaseya Hit By Supply Chain Ransomware Attack
Supply chain cyberattack could have wide blast radius through compromised MSPs.

Software maker Kaseya Limited is urging users of its VSA endpoint management and network monitoring tool to immediately shut down VSA servers to prevent them from being compromised in a widespread ransomware attack.
While the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency had not yet issued an official alert as of early Saturday, the agency said late Friday that it was "taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers that employ VSA software."
The attack appears to have involved exploitation of a vulnerability and the delivery of a malicious Kaseya VSA software update.
The REvil ransomware was also used recently in an attack aimed at meat packaging giant JBS, which paid $11 million to the hackers to ensure that the files they stole would not be made public.
"This type of a supply chain attack, similar to the SolarWinds attack, goes straight to the jugular of organizations looking to recover from a breach," added Chris Grove, technology evangelist with Nozomi Networks.
"Most of our customers who use Kaseya employ it as their single IT tool for systems management, software installation, and visibility. Now, during a ransomware event, they're unable to use this tool they've invested in for remediation. Most Kaseya customers we've worked with have no contingency plan for this. Even worse, given the holiday weekend in the US, we're unlikely to know the full impact of this until next week."