Kaseya VSA products are being actively attacked in a REvil supply chain attack with ransomware

Last Update Date: 12 Jul 2021 Release Date: 5 Jul 2021

RISK: Extremely High Risk

TYPE: Servers - Other Servers

On July 2, Kaseya's VSA remote monitoring and management platform came under active attack by REvil ransomware actors (attackers) in a supply-chain attack targeting multiple Managed Service Providers (MSPs) and their customers.

Kaseya is used by multiple MSPs; the affected organisations are being contacted by Kaseya directly.

Incident Summary:

  1. The REvil ransomware gang appears to have gained unauthorised access to the infrastructure of Kaseya.
  2. This access enabled them to deploy a malicious update to Kaseya's VSA servers.
  3. The malicious update was used to install the REvil ransomware from the VSA Server to all connected computers.
  4. It is reported that some of the victims received demands for $5 million in ransom. A retailer in Sweden was forced to close at least 800 stores due to the attack.
  5. Kaseya developed a compromise detection tool and is working on the security patch.

[Updated 12-July-2021] Security updates have been released to address CVE-2021-30116, CVE-2021-30119 and CVE-2021-30120 vulnerabilities.


Impact

  • Cross-Site Scripting
  • Denial of Service
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

Kaseya VSA Products

  • On-Premises Servers
  • SaaS

Solutions

Before installing the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

https://helpdesk.kaseya.com/hc/en-gb/articles/4403785889041


Vulnerability Identifier


Source


Related Link