IT for service providers biz Kaseya defers decision about SaaS restoration following supply chain attack
IT management software provider Kaseya has deferred an announcement about restoration of its SaaS services, after falling victim to a supply chain attack that has seen its products become a delivery mechanism for the REvil ransomware.
The update is needed because last Friday Kaseya advised users of its on-premises software to shut it down ASAP after detecting a supply chain attack on its VSA product - a tool that combines endpoint management and network monitoring.
Kaseya's main market is managed services providers - IT consultancies whose selling point is taking care of their clients' tech - so an attack on VSA is potentially a superspreader event for REvil.
On learning of the attack, Kaseya urged customers to pull the plug on their VSA servers, because the attack shuts off administrator access to the suite.
Kaseya's status update page for the incident initially stated the attack impacted "Only a very small percentage of our customers currently estimated at fewer than 40 worldwide".
According to a notice on REvil's unindexed web blog, Happy Blog: "On Friday we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor - our price is 70 000 000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour. If you are interested in such a deal - contact us using victims 'readme' file instructions."
News URL
https://go.theregister.com/feed/www.theregister.com/2021/07/05/kaseya_vsa_update/