Managed service providers and their end customers infected by a Kaseya ransomware attack are still waiting for further remediation instructions from the MSP software provider.
Over 30 MSPs and potentially thousands of their end customers have either been infected by the attack or are under threat from it, as a result of a cyber gang inserting rogue code into the VSA management software that Kaseya distributes.
The Kaseya MSP attack, which started at the beginning of the weekend, follows the similar SolarWinds ransomware attack last year, which also affected customers globally.
Security company Huntress has blamed the Kaseya hack on the REvil ransomware gang, which was blamed last month for a ransomware attack on major Brazilian meat packer JBS.
Illustrating the serious threat that Kaseya's customers and the service provider channel is now under, JBS had to pay out an $11m ransom to the gang to get their systems back up and running.
In Sweden, for instance, grocery chain Coop was unable to open 800 stores this weekend because of the Kaseya attack, and a pharmacy chain and the state railway was also affected in the country.
Jamie Moles, a senior security engineer for network detection and response specialist ExtraHop, said of the attack: “This attack will trigger a rise in culpability for third party suppliers who don’t protect their direct customers. It’s futile if businesses protect themselves from attacks but the vendors in their supply chain they depend on have little to no protection to fend off attacks.”
He added: “Attacks such as the latest one on Kaseya aren’t new. Attackers are just getting better at it and we are more and more reliant on external entities for services.
“Digitising business processes and more remote and flexible working makes this a growing problem which naturally introduces more areas to track and protect.”
Updates from Kaseya on remediation will appear here:
https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
UPDATE: As of 1PM UK GMT on 6 July, Kaseya's MSPs and their end customers were still waiting for remediation/patches to fully tackle the hack. Check the link above to find out the latest.
