The attacker’s gang is from Russia or out of Eastern Europe; they have targeted a key software known as Kaseya. The products of Kaseya are so popular and are mainly used by IT management companies.
Using Kaseya VSA, Shut it Down Now
The hackers have changed the Kaseya tool called VSA and then encrypted the files of the customers. Huntress, a security firm, said that it tracked eight managed service providers that infected around 200 clients. Kaseya said it has shut down some of its facilities and asked customers who use VSA to turn off their servers.
Keep all the Incident Response teams in mind this holiday weekend as they’re in the thick of it…again. If you use Kaseya VSA, shut it down now until told to reactivate and initiate IR. Here’s the binary: https://t.co/NIuGJZW84p https://t.co/GSXPlOPjFt — Chris Krebs (@C_C_Krebs) July 2, 2021 This latest ransomware attacker has demanded $5 million(roughly Rs. 37.38 crores) or more. Already this attack has knocked out dozen IT support firm which mostly uses the remote management tool called VSA. Kyle Hanslovan, CEO of the cybersecurity firm Huntress Labs, said this attack had affected IT management companies and the companies’ corporate clients that have given contracts to IT management. In addition, approximately 1000 small-to-medium-sized businesses might have affected by this hack. If you are using Kaseya VSA, then shut it down right now until everything gets solved. According to The Verge, Kaseya told, A spokesperson said all of the cloud servers are now in maintenance mode. However, even Kaseya CEO Fred Voccola said they are checking how many MSPs are affected and are preparing to patch the vulnerability. This attack is linked to the REvil ransomware gang who is already linked to the attacks on Acer and JBS. According to the reports, this might be the third time Kaseya software is hit for the exploits. These days, such attacks are increasing, and cybercriminals target the organizations that are important across the US economy.
