Pierluigi Paganini
July 06, 2021
Software provider Kaseya announced that fewer than 60 of its customers and less than 1,500 businesses have been impacted by the recent supply-chain ransomware attack.
Up to 1,500 downstream organizations, which were customers of MSPs using Kaseya VSA management platform, were impacted by the attack.
“While impacting approximately 50 of Kaseya’s customers, this attack was never a threat nor had any impact to critical infrastructure. Many of Kaseya’s customers are managed service providers, using Kaseya’s technology to manage IT infrastructure for local and small businesses with less than 30 employees, such as dentists’ offices, small accounting offices and local restaurants. Of the approximately 800,000 to 1,000,000 local and small businesses that are managed by Kaseya’s customers, only about 800 to 1,500 have been compromised.” reads a statement published by the company.
On Friday the REvil ransomware gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers.
The REvil ransomware operators initially compromised the Kaseya VSA’s infrastructure, then pushed out malicious updates for VSA on-premise servers to deploy ransomware on enterprise networks.
The ransomware gang exploited a zero-day vulnerability in Kaseya VSA servers, tracked as CVE-2021-30116, that was discovered by The Dutch Institute for Vulnerability Disclosure (DIVD) and reported to the company.
Kaseya was validating the patch before they rolled it out to customers but REvil ransomware operators exploited the flaw in the massive supply chain ransomware attack.
REvil ransomware is asking $70 million worth of Bitcoin for decrypting all systems impacted in the Kaseya supply-chain ransomware attack.
At the time of this writing, only five MSPs have publicly disclosed the security breach caused by the supply chain attack on Kaseya VSA servers, they are Avtex, Hoppenbrouwers, Synnex, Visma EssCom, and VelzArt.
CISA and the Federal Bureau of Investigation (FBI) have published guidance for the organizations impacted by the massive REvil supply-chain ransomware attack that hit Kaseya ‘s cloud-based MSP platform.
The US agencies provide instructions to affected MSPs and their customers on how to check their infrastructure for indicators of compromise.
Kaseya has released a detection tool that could be used by organizations to determine if your infrastructure has been compromised.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, REVIL)
[adrotate banner=”5″]
[adrotate banner=”13″]
