Emails Offering Kaseya Patches Deliver Malware
IT management software maker Kaseya is still working on patching the vulnerabilities exploited in the recent ransomware attack, but some cybercriminals are sending out emails offering the patches in an effort to distribute their malware.
An investigation revealed that the attackers exploited some zero-day vulnerabilities to deliver the REvil ransomware to the MSPs that use VSA, as well as the customers of those MSPs. Kaseya has determined that only on-premises VSA installations are impacted and it has been working on patches for the exploited vulnerabilities, but it has yet to release the fixes due to some issues uncovered at the last moment.
Some cybersecurity companies reported seeing a spam campaign that leverages news of the Kaseya patches to deliver a piece of malware.
"Guys please install the update from microsoft to protect against ransomware as soon as possible. This is fixing a vulnerability in Kaseya," the emails read. The messages contain a link that appears to point to Kaseya's official website, but it actually leads to an executable file hosted on a remote server.
Kaseya plans on releasing patches for on-premises installations within 24 hours after restoring the VSA SaaS service, which was not impacted by the attack, but was shut down as a precaution.
The Dutch Institute for Vulnerability Disclosure reported several vulnerabilities to Kaseya in April, including ones exploited in the ransomware attack.