On the eve of the Independence Day of the United States, as well as the strange cybersecurity exercise Cyber Polygon 2021, many conspiracy theorists expressed concern about some problems on this day. And so, msspalert.com reports the following:
Kaseya is urging MSPs to immediately shut down on-premises VSA servers amid a potential cyberattack that may be targeting the RMM (remote monitoring and management) software.
The CISA (Cybersecurity and Infrastructure Security Agency) has issued an alert about the attack, stating that the agency is monitoring details about a “supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software.”
Indeed, the REvil ransomware gang apparently injected code into VSA as part of a supply chain attack that now extends to MSPs and end-customers, Huntress tells MSSP Alert.
“We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only as of 2:00 PM EDT today.
We are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you IMMEDIATELY shutdown your VSA server until you receive further notice from us.
Its critical that you do this immediately, because one of the first things the attacker does is shutoff administrative access to the VSA.”
Kaseya is a major provider of IT management and automation software for MSPs. Kaseya VSA is one of the most popular company applications in the world for various types of business, including banking.
Several years ago, as we all remember, the WannaCry program that appeared out of nowhere, stopped the work of half of the world: ATMs, ticket offices, shops and other businesses turned off, and in some places the train traffic even stopped.
What is the specialty of Kaseya VSA, we cannot say for sure, since we are not familiar with them, but experts write that if this software collapses everywhere, WannaCry will seem like a children’s matinee.