[SANS ISC] Kaseya VSA Users Hit by Ransomware (Fri, Jul 2nd)

We are aware that customers of some MSSPs (Managed Security Services Providers) have been hit by ransomware. It seems that four (4) MSSPs have been affected so far. The ransomware was spread through the remote management solution “VSA” provided by Kaseya[1]. This looks to be a brand new type of supply chain attack.

What do we know so far? Kaseya has asked all customers to shut down their on-premises servers (the cloud version is already down) because, once a server is compromised, access to the device is prevented.

The ransomware is dropped to c:\kworking\agent.exe[2].
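
A triage check for the indicator above, as an added example that is not part of the original diary: it looks for the drop path under a volume root (a live `C:\` or a mounted disk image) and compares the file's SHA-256 with the hash in the VirusTotal link [2]. It assumes the path reads `c:\kworking\agent.exe`; `check_volume` and the other function names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

# SHA-256 taken from the VirusTotal link in reference [2] of the diary.
DIARY_SHA256 = "d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e"
DROP_PATH = ("kworking", "agent.exe")  # assumed reading, relative to the C: root

def resolve_case_insensitive(root, parts):
    """Walk parts under root ignoring case, as NTFS would on a live host."""
    current = Path(root)
    for part in parts:
        if not current.is_dir():
            return None
        match = next((c for c in current.iterdir()
                      if c.name.lower() == part.lower()), None)
        if match is None:
            return None
        current = match
    return current if current.is_file() else None

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_volume(root):
    """Return (status, path, sha256) for one volume root."""
    found = resolve_case_insensitive(root, DROP_PATH)
    if found is None:
        return ("absent", None, None)
    file_hash = sha256_file(found)
    # A different hash at this path still needs review: the diary gives one sample.
    status = "hash-match" if file_hash == DIARY_SHA256 else "present-unknown-hash"
    return (status, found, file_hash)

def demo():
    """Constructed sample: an empty fake volume, then a harmless placeholder file."""
    with tempfile.TemporaryDirectory() as volume:
        before = check_volume(volume)[0]
        (Path(volume) / "KWorking").mkdir()
        (Path(volume) / "KWorking" / "Agent.exe").write_bytes(b"placeholder")
        after = check_volume(volume)[0]
    return before, after

if __name__ == "__main__":
    print(demo())
```

Because the lookup ignores case, the same check works on a disk image mounted on a case-sensitive analysis host.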

If you’re a Kaseya VSA user, please check with your representative as soon as possible to mitigate this attack. We will update this diary with more information when available.

[1] https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
[2] https://www.virustotal.com/gui/file/d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e/detection

Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)
