Ransomware strikes against 1000(?) of companies
On Friday the 2nd, Kaseya, a global software company, published an important notice that their customers should shut their VSA servers down.
One can argue if the word ”important” should have been exchanged for something else. Perhaps ”Critical” would have been better.
For those of you who don’t know of Kaseya, as it's not LowEnd, it is an administrative and remote support tool that many MSPs (Managed Service Providers) install on their clients' computers and servers to make the administrative tasks more efficient.
One of the companies that were hit in the third line (customer of an MSP who uses Kaseya) was Swedish COOP, a large food and supply chain of stores.
This raises the question of having a backup plan if/when shit hits the fan.
Latest news today is that hundreds of technicians are travelling to each and every store to manually reinstall all cash machines.
What have you done to bounce back as quickly as possible after the fan has spread it all over the place?
Some links to read more about it:
https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-1-000-plus-companies-in-msp-supply-chain-attack/
Comments
Some more info, including an IP to block.
https://blog.truesec.com/2021/07/04/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware/?fbclid=IwAR1pwdL4q_ZBIbUs5JoxWzQvklhmfvrFkrXOZ1S_ndHbdfTtsW2coKIdPos
https://clients.mrvm.net
https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-kaseya-ransomware-attack