The Kaseya VSA ransomware incident
DESCRIPTION
Kaseya announced on 7/2/21 that customers utilizing the Kaseya VSA solution on premises were targeted by this attack. The attack impacts customers running VSA on premises; none of the SaaS customers using the VSA solution are impacted. Kaseya VSA is a unified remote monitoring and management solution primarily used by MSSPs and companies with larger infrastructures. The attackers were able to exploit zero-day vulnerabilities in the VSA product to bypass authentication and execute arbitrary commands. This allowed the attackers to leverage the standard VSA product functionality to deploy ransomware to endpoints.
IDENTIFY INDICATORS OF COMPROMISE (IOC)
CONTAINMENT (If IOCs are identified)
REMEDIATION (If IOCs are identified)
If you would like to speak with HALOCK concerning this zero-day vulnerability, need assistance with analysis, or want to learn more about how to prepare for cyber threats through an Incident Response Readiness program, please reach out to your HALOCK account manager or chat with us online at HALOCK to schedule a call with one of our security experts.