In a supply chain attack, the REvil ransomware gang has targeted several Managed Service Providers (MSPs) that use Kaseya VSA, a remote monitoring and management solution. The attackers are exploiting a vulnerability in Kaseya VSA and delivering their payload by manipulating the patch distribution process.
OVERVIEW
▪ IT firm Kaseya reported having suffered a supply chain attack on July 2, 2021.
▪ REvil ransomware attackers are leveraging a zero-day vulnerability, CVE-2021-30116, in Kaseya's remotely accessed, internet-facing Virtual System Administration (VSA) servers against multiple managed service providers (MSPs) and their on-premise customers.
▪ Kaseya provides IT management software to managed service providers (MSPs) and IT companies. Kaseya’s VSA is a remote management tool with a centralized console to monitor and manage endpoints, automate IT processes, deploy security patches, and control access via two-factor authentication.
▪ REvil (Sodinokibi) attackers claim to have compromised more than a million systems and are demanding $70,000,000 in Bitcoin for recovery.