REvil is pushing ransomware via an update for Kaseya's IT management software, hitting eight or more large managed service providers with thousands of customers
A massive REvil ransomware attack affects multiple managed service providers and their clients through a reported Kaseya supply-chain attack.
BleepingComputer · Lawrence Abrams
Related Coverage
- Important Notice July 2nd, 2021 Kaseya · Fred Voccola
- Kaseya VSA Supply-Chain Ransomware Attack CISA
- View article Bloomberg
- View article Kaseya
- A New Kind of Ransomware Tsunami Hits Hundreds of Companies Wired · Brian Barrett
- Ransomware attack on software manager hits 200 companies NBC News · Kevin Collier
- Kaseya, a Software Provider, Investigates Potential Cyberattack New York Times · Kellen Browning
- Kaseya VSA Supply-Chain Ransomware Attack Sophos Community
- View article Wall Street Journal
- View article The Register
- View article Engadget
- View article PCMag
- View article AppleInsider
- View article Insider
- Kaseya Case Update DIVD CSIRT · Lennaert Oudshoorn
- 200 businesses hit by ransomware after incident at U.S. IT firm -Huntress Labs Reuters · Raphael Satter
- Kaseya supply chain attack delivers mass ransomware event to US companies DoublePulsar · Kevin Beaumont
- REvil Ransomware Hits 200 Companies In MSP Supply-Chain Attack Slashdot · BeauHD
- Supply chain attack on Kaseya infects hundreds with ransomware: What we know VentureBeat · Fahmida Y. Rashid
- Kaseya VSA Ransomware Attack Hits Nearly 40 MSPs CRN · Michael Novinson
- A Large Ransomware Attack Has Ensnared Hundreds of Companies Gizmodo · Lucas Ropek
- US companies hit by ‘colossal’ cyber-attack BBC
- View article TechSpot
- View article Security Boulevard
- Russian hackers target IT supply chain in ransomware attack Financial Times · Hannah Murphy
- View article HackRead
- REvil ransomware actors attack Kaseya in supply chain attack Cisco Talos Intelligence Group · Joe Marshall
- mpsvc.dll — Ad-Aware Gen:Variant.Bulz.471680 ALYac Gen:Variant.Bulz.471680 Avast FileRepMetagen … VirusTotal
- IT Software Firm Kaseya Hit By Supply Chain Ransomware Attack SecurityWeek · Eduard Kovacs
- Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware The Hacker News · Ravie Lakshmanan
- A New Wave Of Ransomware Has Been Sparked By A Cyberattack On Tech Provider Kaseya Forbes · Martin Giles
- View article reddit
- July 4th Nightmare: Potential Cyberattack Targets Kaseya VSA, MSP Customers Channel Futures · Edward Gately
- Widespread ransomware attack is affecting hundreds of businesses Washington Post
- Kaseya supply-chain ransomware attack hits MSP customers iTnews · Juha Saarinen
- Kaseya urges customers to immediately shut down VSA servers after ransomware attack ZDNet · Jonathan Greig
- Kaseya hit with suspected cyberattack, raising fears of major supply chain incident CyberScoop · Tonya Riley
- Kaseya VSA systems under active attack, as company tells customers to shutdown SC Media · Joe Uchill
- REvil ransomware attacks systems using Kaseya's remote IT management software The Verge · Richard Lawler
- Kaseya VSA Users Hit by Ransomware, (Fri, Jul 2nd) SANS Internet Storm Center …
- Kaseya Takes RMM Tool Offline Following ‘Potential Attack’ CRN · Michael Novinson
- REvil ransomware gang executes supply chain attack via malicious Kaseya update The Record · Catalin Cimpanu
- Supermarket chain Coop closes 800 stores following Kaseya ransomware attack The Record · Catalin Cimpanu
- Russia-Linked Group Hacks 200 Businesses With Ransomware Bloomberg
- Ransomware breach at Florida IT firm hits 200 businesses The Economic Times
Discussion
- reddit on reddit: Critical Ransomware Incident in Progress
- Us-Cert (@uscert_gov) on x: .@CISAgov is taking action to understand and address the supply-chain #ransomware attack against Kaseya VSA and the multiple #MSPs that employ VSA software. Review the Kaseya advisory and immediately follow their guidance to shutdown VSA servers: https://helpdesk.kaseya.com/ ...
- @kaseyacorp on x: Important Notice July 2, 2021 KASEYA VSA UPDATE - Latest update 11:00 PM EDT. Visit the Kaseya Help Desk for more information: https://helpdesk.kaseya.com/ ... https://twitter.com/...
- Kevin Collier (@kevincollier) on x: New and developing: An enormous supply-chain ransomware attack, potentially the single largest criminal ransomware spree in history, is happening now at the start of the 4th of July weekend https://www.nbcnews.com/...
- Chris Krebs (@c_c_krebs) on x: News Flash: cybercriminals are a$$holes. Keep all the Incident Response teams in mind this holiday weekend as they're in the thick of it...again. If you use Kaseya VSA, shut it down *now* until told to reactivate and initiate IR. Here's the binary: https://www.virustotal.com/... …
- Kevin Beaumont (@gossithedog) on x: For anybody confused about how ~40 Kaseya customers being hacked caused so many problems - two are named here, both are managed service providers. REvil then propagates automatically to *their* customers. So the victims include non-Kaseya customers. https://www.bloomberg.com/...
- Dino A. Dai Zovi (@dinodaizovi) on x: The software ecosystem is so complex that this will keep happening as long as customers buy products that have excessive privilege models like this. Are you outsourcing your security control plane? If so, why are you doing that? If the reason is “security,” maybe re-consider? htt…
- @infosecsapper on x: @timinbrum @Nedrick_NA @GossiTheDog Every MSP that escaped Solarwinds and Kaseya remembering third time's a charm... https://twitter.com/...
- @uk_daniel_card on x: its not everyday u get advised to SHUT DOWN all ur servers running a product... https://us-cert.cisa.gov/... I mean this is nicht fun ....
- @anthonyrhook on x: This is not a small thing. https://www.reddit.com/... #kaseya #ransomware
- Ian Livingston (@islivingston) on x: Things that aren't great https://twitter.com/...
- @corymacd on x: id like to pour one out for all the folks at MSPs using Kaseya. RIP your holiday weekend.
- Harley (@infinitelogins) on x: “We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted. We are aware of at least 8 impacted MSP partners at this time.” I feel for all of my MSP friends right now. Bad day to be a Kaseya customer. https://www.reddit.com/..…
- @viss on x: i hope that the irony of a company who advertises ‘patch management’ being the victims of a massive ransomware attack which has spread to their customers is not lost on anyone. https://twitter.com/...
- @sophos on x: Active Ransomware Attack on Kaseya Customers ⚠️ At this time Sophos is aware of an active industry-wide supply chain attack using Kaseya to deploy ransomware. We will add updates here with more information as it becomes available. ⬇️ https://community.sophos.com/ ...
- @megaplanit on x: We are monitoring a Supply Chain attack outbreak utilizing REvil ransomware. At this time it appears to stem from a malicious Kaseya update. A malicious DLL containing the REvil Ransomware https://blog.megaplanit.com/ ... #cyberattacks #Ransomware #CyberSecurity
- @orchidnyc on x: This is major. Wire is calling it a ransomware tsunami that is hitting hundreds of companies at once. The attack is believed to be affiliated with REvil gang and ran through Kaseya. Kaseya controls programs for companies that manage internet services for businesses. https://twitt…
- Shannon Vavra (@shanvav) on x: Kaseya has warned customers to shut down VSA servers “IMMEDIATELY.” DHS' @CISAgov is warning about the incident as well (link: https://us-cert.cisa.gov/... https://twitter.com/...
- Kevin Collier (@kevincollier) on x: Updated after talking with the owner of a small MSP in California, serving a few hundred people: “There's not a lot of news coming down from Kaseya. We're all in a holding pattern, just hanging tight.” https://www.nbcnews.com/...
- @propershadow on x: @combat_penguin @TehStu @GossiTheDog This is the scary part. When you use Kaseya, you have 100% control over that system. We can see your desktop, browse your files, start and stop programs, etc. It's critical for our business to support our clients but it's also nightmare fuel.
- ClearingTheFog (@clearing_fog) on x: 🚨 Ransomware incident in progress. If you run a Kaseya VSA server, Kaseya is recommending that you shut it down right now, because the first thing that the attack does is take away your admin access. h/t @TeresaCCarter2 https://helpdesk.kaseya.com/ ...
- Tonya Riley (@tonyajoriley) on x: Statement from Kaseya. Recommending customers shut down servers immediately. https://helpdesk.kaseya.com/ ...
- @bitburner on x: So far 8 MSPs running Kaseya VSA have been exploited. This particular RMM uses an on-premise box & apparently, that was popped & ransomware was distributed to MSPs clients. I'm guessing popped with “PrintNightmare” as it's been in the wild with no patch. https://helpdesk.kaseya.c…
- Steve Herman (@w7voa) on x: Critical #ransomware attack reported to have hit 200+ companies. https://helpdesk.kaseya.com/ ...
- @cybergovau on x: ❗ Alert ❗Ransomware group REvil is exploiting vulnerable instances of Kaseya VSA globally. Immediately shutdown Kaseya server until further notice. Advice at: https://www.cyber.gov.au/... https://twitter.com/...
- Alex Stamos (@alexstamos) on x: A note for @SenRickScott: now would be an excellent time for CISA to have a confirmed Director coordinating the USG response to yet another massive ransomware attack! https://us-cert.cisa.gov/...
- Patrick Gray (@riskybusiness) on x: This is very bad. If you have access to someone's Kaseya server you've got every managed box in the environment. And this isn't light touch Russian collection, it's ransomware. A giant shitshow, this is. https://twitter.com/...
- Kevin Beaumont (@gossithedog) on x: Microsoft should buy Sophos. https://community.sophos.com/ ...
- Catalin Cimpanu (@campuscodi) on x: As pointed out here, by shutting down its own cloud infrastructure, Kaseya has kind of admitted that their backend infra got compromised and used in the attack. https://twitter.com/...
- @brianhonan on x: If you are running Kaseya in your environment, or your MSP is, then you had better cancel your plans for the weekend https://twitter.com/...
- @greypiperr on x: “Do we use any Kaseya products?” https://twitter.com/...
- David Derigiotis (@davidderigiotis) on x: Timing is no coincidence- how many people are on vacation this Friday afternoon? Take note if you are a customer of Kaseya- supply chain ransomware attack https://twitter.com/...
- Jorge A. Caballero (@datadrivenmd) on x: ⚠️ “CISA encourages organizations to review the Kaseya advisory and immediately follow their guidance to shutdown VSA servers.” URL redirects to: https://helpdesk.kaseya.com/ ... https://twitter.com/...
- @ffforward on x: I wonder if that there is a coincidence that @CoopSverige (one of the biggest swedish supermarket chains) had to shut a lot of their stores early today due to their cash registers not working. Some googling suggest they use a MSP that uses #kaseya https://twitter.com/...