We are aware that some MSSP’s customers (Managed Security Services Providers) have been hit by a ransomware. It seems that four(4) MSSP’s have been affected until now. The ransomware was spread through the remote management solution “VSA” provided by Kaseya. This looks to be a brand new type of supply chain attack.
What we know so far? Kaseya requested all customers to shutdown their on-premises servers (the cloud version is already down) because, once compromised, prevent access to the device.
The ransomware is dropped to
If you’re a Kaseya’s VSA user, please check as soon as possible with your representative to mitigate this attack. We will update this diary with more information when available.
Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.