It all started on July 2, when attackers targeted the popular remote management and monitoring (RMM) software from a Florida-based IT services company called Kaseya. By taking advantage of a flaw in Kaseya VSA software, ransomware authors gained access to the RMM system and were able to use it to install ransomware on some of Kaseya’s customers networks. Since those customers are managed system providers (MSPs), the ransomware also infected their customers, hundreds of businesses worldwide. Kaseya says the attack didn’t affect users of their SaaS version, only ones using the on-premises Kaseya VSA. The attackers are asking $70 million in ransom to restore all the victims.
The main focus of the attack seems to by US MSPs, but the cyber-attack quickly spread internationally, threatening many types of companies. Kaseya claims round 1500 companies are confirmed to have the ransomware, but it may indirectly affect many other companies. Kaseya advised all its customers to take on-premises VSA servers offline Friday and has not yet given them the go-ahead to go back online. They are preparing a patch to fix the vulnerability used to get it and plan to release it soon.
WatchGuard Partners and End Users Are Safe and Secure
This weekend’s attack is the latest in a rising barrage of ransomware attacks. According to Forrester, ransomware attacks shot up 500% in 2019, while in 2020 they rose 715% year over year. The good news is that WatchGuard partners and end users using our endpoint products were kept safe in all of these incidents.
Thanks to our Zero Trust approach, we are able to classify and validate 100% of processes running on the endpoints. These levels of visibility and control strengthen our prevention, detection and response capabilities.
Keep informed in Secplicity.org
WatchGuard’s Secplicity blog, provides daily video, podcast and editorial content about IT security for today’s busy professional. Breaking news, real solutions, useful tips, and all the information that you need.
In fact, Secplicity released all the details of this attack earlier this weekend. Being one of the first and most reliable sources of information about this case.
Subscribe to the email newsletter to keep informed and join our webinar to find out all the details about this attack and tips on how to avoid it.
Webinar: Learnings from the Kaseya Supply Chain Attack and Mass Ransomware Incident
Date: July 8 2021 – 8am PDT (3pm GMT)