Kaseya VSA products are being actively attacked in a REvil ransomware supply chain attack
RISK: Extremely High Risk
TYPE: Servers - Other Servers
On July 2, Kaseya's VSA remote monitoring and management platform came under active attack by REvil ransomware actors (attackers) conducting a supply-chain attack that targets multiple Managed Service Providers (MSPs) and their customers.
Kaseya is used by multiple MSPs; the affected organisations are being contacted by Kaseya directly.
- The REvil ransomware gang appears to have gained unauthorised access to the infrastructure of Kaseya.
- This enabled them to deploy a malicious update to Kaseya's VSA servers.
- The malicious update was used to install the REvil ransomware from the VSA Server to all connected computers.
- It is reported that some of the victims received demands for $5 million in ransom. A retailer in Sweden was forced to close at least 800 stores due to the attack.
- Kaseya developed a compromise detection tool and is working on the security patch.
[Updated 12-July-2021] Security updates have been released to address CVE-2021-30116, CVE-2021-30119 and CVE-2021-30120 vulnerabilities.
- Cross-Site Scripting
- Denial of Service
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
Kaseya VSA Products
- On-Premises Servers
Before installing the software, please visit the vendor website for more details.
Apply fixes issued by the vendor: