Ransomware is on the rise and you could be the next victim

  • CERT Admin
  • Mon Jul 05 2021
  • Alerts

Overview 

Kaseya has reported a potential security incident that involves its Virtual System Administration (VSA) software platform. VSA provides endpoint management and network monitoring. 

Description 

It has appeared that notaries REvil has pushed ransomware through an update of Kaseya’s IT management software hitting customers around the globe. Kaseya has taken necessary steps to shut down its SaaS as a precautionary measure while requesting on-premise customers to shut down their VSA servers.   

Impact 

· Loss of important files and documents of your company’s data 

· May result in complete shutdown of your company’s operations 

· Financial loss 

 Solution/Workarounds 

· Managed Service Providers (MSPs) and IT teams using Kaseya VSA are advised to follow Kaseya’s advisory to immediately shutdown the VSA servers and follow the vendor’s website for further updates. 

  https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 

· Educate your workforce (precaution on emails, do not click unknown links, do not install unnecessary apps, use of USBs, etc) 

· Implement proper backup policies and adhere to them strictly 

· Never pay the ransom 

· Have offline backups of important files 

· Update and install latest security patches on installed 3 party software 

· Keep your virus guard and operating system up to date  

 Reference  

 · https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 

 ·  https://thehackernews.com/2021/07/kaseya-revil-ransomware-attack.html 

 ·  https://www.cert-in.org.in/ 

Disclaimer 

The information provided herein is on an "as is" basis, without warranty of any kind.  

Last updated: Mon Jul 05 2021