Active Supply-Chain Ransomware Attack Against Kaseya VSA

Publish Date

Type

Cyber Alert

Topics
  • Cybersecurity
  1. Insights
  2. Active Supply-Chain Ransomware Attack Against Kaseya VSA

Kaseya has warned of an active attack against a number of its customers using Kaseya’s VSA remote monitoring and management (RMM) platform. The attackers are using the platform to deliver REvil ransomware to systems, demanding $44,999 in funds to reclaim access to data.

Kaseya has placed all SaaS instances of VSA server in “maintenance mode” and recommends that firms and MSPs immediately disable any on-premises VSA servers “because one of the first things the attacker does is shutoff administrative access to the VSA.” The REvil ransomware appears to be delivered to systems in the form of a Kaseya update using the platform’s administrative access to managed endpoints. 

ACA guidance

ACA Aponix® recommends taking the following actions regarding the attacks against Kaseya: 

  • Immediately follow the recommendations provided by Kaseya in its alert.
  • Firms and their MSPs should immediately shut down any on-premises VSA servers. If necessary, reach out to trusted third-party providers for assistance.
  • Monitor system logs and other security resources for unusual activity.
  • As the attack focuses on using Kaseya to deliver ransomware payloads, assure that data backup and related resiliency plans are up-to-date and functional.
  • Review and update existing incident response plans to prepare reaction in the event of a ransomware infection.
  • Strongly encourage third-party vendors to follow directions and information related to this attack.
  • Follow further CISA guidance as it becomes available. 

How we help

ACA Aponix offers the following solutions that can help your firm in light of the discovered vulnerability, software patching programming, Office 365 security configuration, and with data security in general.  

Download our Aponix Protect™ cybersecurity solution brochure.

If you have any questions, please contact your ACA Aponix consultant or contact our cyber team.

 

Related insights

2024 ACA Conference

Highlights From the 2024 ACA Conference

As the curtains close on the ACA Conference 2024, the echoes of transformative dialogue and insightful revelations resonate, shaping the trajectory of GRC in financial services.

News
  • Compliance
  • RegTech
  • Cybersecurity
  • ESG
  • Performance
  • Managed Services
  • SEC
cyber lock

Critical Vulnerability Detected in Palo Alto Networks' GlobalProtect Gateways

A popular firewall used in the financial industry is under attack due to a critital zero-day vulnerability. Firms that use Palo Alto Networks' firewall need to update their software to protect their systems.

Cyber Alert
  • Cybersecurity
abstract image with a lock and shield

Two Important Cybersecurity Alerts from CISA

The Cybersecurity and Infrastructure Security Agency (CISA) issued two advisories that require impacted firms to take immediate action.

Cyber Alert
  • Cybersecurity