ADVANCE | Building Your Technology Advantage


Cyber Alert | Kaseya Ransomware Attack

Kaseya Ransomware Attack

We are aware of a widespread cyber incident affecting the Kaseya product set. Firstly, we want to assure you that we do not employ this product set, and as such you are not at risk through the services that we provide you.

 

If you do employ Kaseya VSA in other parts of your business, please immediately shut down the Kaseya infrastructure and consult with your cybersecurity provider and the ACSC.

If you would like our advice, guidance or additional assistance, please contact us immediately.

 

What is Kaseya VSA?

Kaseya Virtual Systems Administrator (VSA) is a remote monitoring and management toolset designed for use by Managed Service Providers in servicing their customers. It is delivered as both a SaaS product and an on-premise installation.

 

What is this incident?

Starting from July 2nd, organisations with Kaseya on-premise installations began reporting abnormal behaviour and, later, instances of ransomware. While investigations are ongoing, it is strongly suspected that one or more zero-day vulnerabilities in the Kaseya VSA toolset were exploited to deliver the ransomware payload.

These vulnerabilities were first discovered in April by the Dutch Institute for Vulnerability Disclosure (DIVD), who disclosed them to Kaseya; however, a patch had not been released when the ransomware attacks began.

The attackers responsible have demanded $70 million (USD) to decrypt all impacted devices and advised they will negotiate on an individual basis if approached.

 

Would I have been protected?

From the direct attack, the simple answer is no. However, there are several other defensive layers that, if implemented, would have completely prevented or slowed the ransomware outbreak once it entered the environment.

 

Due to its nature as a zero-day, the initial payload would have been extremely hard to prevent. However, other layers such as application control software, intelligent behaviour-based protection software and a cyber incident response plan would make a significant difference to the amount of disruption (if any at all) a business would have suffered as a result of having the Kaseya toolset installed.

If you would like to complete a paper-based exercise to see how your cyber defences would have fared against this attack, and proactively identify any areas of improvement, please get in touch with us as soon as possible.

 

Where can I find out more?

The Australian Cyber-Security Centre (ACSC) alert

Cybersecurity & Infrastructure Security Agency (CISA-FBI) advice