Ransomware is on the rise and you could be the next victim

Last updated on July 22, 2021

Overview

Kaseya has reported a potential security incident that involves its Virtual System Administration (VSA) software platform. VSA provides endpoint management and network monitoring.

Description

It has appeared that notaries REvil has pushed ransomware through an update of Kaseya’s IT management software hitting customers around the globe. Kaseya has taken necessary steps to shut down its SaaS as a precautionary measure while requesting on-premise customers to shut down their VSA servers.

Impact

• Loss of important files and documents of your company’s data
• May result in complete shutdown of your company’s operations
• Financial loss

Solution/Workarounds

• Managed Service Providers (MSPs) and IT teams using Kaseya VSA are advised to follow Kaseya’s advisory to immediately shutdown the VSA servers and follow the vendor’s website for further updates.
  https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
• Educate your workforce (precaution on emails, do not click unknown links, do not install unnecessary apps, use of USBs, etc)
• Implement proper backup policies and adhere to them strictly
• Never pay the ransom
• Have offline backups of important files
• Update and install latest security patches on installed 3 party software
• Keep your virus guard and operating system up to date

Reference

• https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
• https://thehackernews.com/2021/07/kaseya-revil-ransomware-attack.html
• https://www.cert-in.org.in/

Disclaimer

The information provided herein is on an “as is” basis, without warranty of any kind.

Citation: SLCERT Cyber Security Alerts