Sunday, July 4, 2021

Kaseya VSA Supply-Chain Ransomware Attack

After #printnightmare Another High Alert for Security Community and administrators. No weekend or holidays for #cybersecurity .

#Kaseya VSA Supply-Chain #Ransomware Attack by ransomware group REvil is exploiting vulnerable instances of Kaseya VSA globally. 

Kaseya VSA is a platform that provides endpoint management and network monitoring. Anyone who is currently using or has a MSP that is running #Kaseya software has potentially been compromised! 

Once inside the supplier’s system, attackers use it as a jumping off point to access its customers’ networks too. Then they install ransomware, which locks up victims’ data, only releasing it once a ransom payment has been made.


It is recommend organisations follow the advice provided by Kaseya, to immediately #shutdown your Kaseya server until further notice. 

So far 200 US company affected and one of Sweden's biggest grocery chains, closed all of its 800 stores today after this attack as they were unable to operate its cash registers.

Technical Details: Kaseya supply chain attack Indicators of Compromise (IOCs)

HASHES (SHA256) d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e e

2a24ab94f865caeacdf2c3ad015f31f23008ac6db8312c2cbfb32e4a5466ea2 8

dd620d9aeb35960bb766458c8890ede987c33d239cf730f93fe49d90ae759dd 

More info available here: https://lnkd.in/gJ5hfD2 S

someone rightly said Cybercriminals are awful for a whole bunch of reasons, but especially for ruining long weekends and holidays for IT professionals over and over again. Be nice to your IT team. They're the ones working through the nights and weekends to protect you from these scum. 

 #ThreatHunting #IOC #REvil #KaseyaVSA #KaseyaHacked #KaseyaVSA #MSP

0 comments:

Post a Comment

Twitter Facebook Favorites More