Free Republic

IT Software Firm Kaseya Hit By Supply Chain Ransomware Attack
SecurityWeek | 7/3/2021 | Eduard Kovacs

Posted on 07/03/2021 7:21:09 AM PDT by bitt

Supply chain cyberattack could have wide blast radius through compromised MSPs

Software maker Kaseya Limited is urging users of its VSA endpoint management and network monitoring tool to immediately shut down VSA servers to prevent them from being compromised in a widespread ransomware attack.

According to Kaseya, the attack began around 2PM ET on Friday. The company said that while the incident only appears to impact on-premises customers, SaaS servers have also been shut down as a precautionary measure.

While the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) had not yet issued an official alert as of early Saturday, the agency said late Friday that it was “taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software.”

Timing of the attack is certainly no coincidence, as IT and security teams are likely to be understaffed and slower to respond due to the 4th of July holiday weekend in the United States.

“While our early indicators suggested that only a very small number of on-premises customers were affected, we took a conservative approach in shutting down the SaaS servers to ensure we protected our more than 36,000 customers to the best of our ability,” the company said.

Kaseya says it’s working on a patch for on-premises customers, and that patch will need to be installed before VSA is restarted. “We will release that patch as quickly as possible to get our customers back up and running,” the company said.

(Excerpt) Read more at securityweek.com ...


KEYWORDS: kaseya; ransomware; supplychain

1 posted on 07/03/2021 7:21:09 AM PDT by bitt

To: ShadowAce; dayglored; Whenifhow; null and void; aragorn; EnigmaticAnomaly; kalee; Kale; ...

p


2 posted on 07/03/2021 7:21:56 AM PDT by bitt ( A murderer is less to fear. The traitor is the plague.)

To: bitt

A software company should be smart enough to make this a simple wipe and reload. No excuses not to be.


3 posted on 07/03/2021 7:27:08 AM PDT by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)

To: bitt

Biden’s fault


4 posted on 07/03/2021 7:27:51 AM PDT by Josa

To: Josa

Guess they weren’t on bidet’s list to avoid


5 posted on 07/03/2021 7:29:09 AM PDT by Josa

To: Openurmind

There’s no such thing as a simple wipe and reload. That’s a myth put out by bad movies. Out here in reality all your data matters, and losing even an hour’s worth can bankrupt you.


6 posted on 07/03/2021 7:32:59 AM PDT by discostu (Like a dog being shown a card trick )

To: bitt

“The Big Guy told us you were fair game...”


7 posted on 07/03/2021 7:34:27 AM PDT by BradyLS (DO NOT FEED THE BEARS!)

To: bitt

For those who don’t know, these attacks don’t occur suddenly.
They start with constant pings to the company firewall looking for an open port.
This happens to ALL routers connected to the internet.

Most residential systems like Netgear and others don’t allow you to monitor who is attacking you nor are they frequently updated for new attack methods.

Most users are not aware that their home internet is attacked by hundreds of remote systems per day.
Many looking for an open port in your system.

What makes IoT so dangerous is that adding one to your home network can create a hidden gateway into your internal network.


8 posted on 07/03/2021 8:15:08 AM PDT by Zathras

To: discostu

Losing all of it, or a week’s worth, is better than having an accrued since yesterday backup to reload? Hands on manual work to catch it back up to where it was?

I don’t buy it. If every one of us has the capability to do this I have trouble thinking that a software company cannot.


9 posted on 07/03/2021 8:36:45 AM PDT by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)

To: Openurmind

But you can get it back usually. The ransom guys generally just encrypt the data; pay and they give you the key. And they generally aim for the newest, least likely to be backed up, data first.

In this day of automated everything there’s really no get it back. Somebody hit your website, triggered some software, and the data was made. The only way you know who it was is to look at the data, which has been encrypted.

Actually basically none of us can do this. You need to be a very very good hacker, with some seriously kick butt tools you probably wrote yourself, to de-encrypt data when you don’t even know which of the thousand encryption methods that exist was used. Best case scenario is the bad guys have used the same thing a lot and good hackers have reverse engineered the keys and figured it out.


10 posted on 07/03/2021 9:14:49 AM PDT by discostu (Like a dog being shown a card trick )

To: Zathras

Can’t the operating system be set to only allow certain programs to encrypt files?


11 posted on 07/03/2021 10:35:10 AM PDT by aimhigh (THIS is His commandment . . . . 1 John 3:23)
