A new ransomware attack has hit six large MSPs and has encrypted data of 200 companies. The US cyber official has tracked that this group is the same who hit meat supplier JBS Foods.
The attacker’s gang is from Russia or out of Eastern Europe; they have targeted a key software known as Kaseya. The products of Kaseya are so popular and are mainly used by IT management companies.
Using Kaseya VSA, Shut it Down *Now*
The hackers have changed the Kaseya tool called VSA and then encrypted the files of the customers. Huntress, a security firm, said that it tracked eight managed service providers that infected around 200 clients.
Kaseya said it has shut down some of its facilities and asked customers who use VSA to turn off their servers.
News Flash: cybercriminals are a$$holes.
Keep all the Incident Response teams in mind this holiday weekend as they're in the thick of it…again.
If you use Kaseya VSA, shut it down *now* until told to reactivate and initiate IR. Here's the binary: https://t.co/NIuGJZW84p https://t.co/GSXPlOPjFt
— Chris Krebs (@C_C_Krebs) July 2, 2021
This latest ransomware attacker has demanded $5 million(roughly Rs. 37.38 crores) or more. Already this attack has knocked out dozen IT support firm which mostly uses the remote management tool called VSA.
Kyle Hanslovan, CEO of the cybersecurity firm Huntress Labs, said this attack had affected IT management companies and the companies’ corporate clients that have given contracts to IT management. In addition, approximately 1000 small-to-medium-sized businesses might have affected by this hack.
If you are using Kaseya VSA, then shut it down right now until everything gets solved.
According to The Verge, Kaseya told,
“We are investigating a potential attack against the VSA that indicates to have been limited to a small number of our on-premises customers only.”
A spokesperson said all of the cloud servers are now in maintenance mode. However, even Kaseya CEO Fred Voccola said they are checking how many MSPs are affected and are preparing to patch the vulnerability.
This attack is linked to the REvil ransomware gang who is already linked to the attacks on Acer and JBS. According to the reports, this might be the third time Kaseya software is hit for the exploits.
These days, such attacks are increasing, and cybercriminals target the organizations that are important across the US economy.