Special Report: Coordinated REvil Ransomware Supply Chain Attack Affects Potentially Thousands of Organizations Globally

Zero-day exploit in remote management solutions provider Kaseya VSA's appliance could affect 36K MSPs, Kaseya and CISA urges customers to leave VSAs switched off,

When most cybersecurity incident responders were anticipating a relaxing holiday weekend in the U.S., a coordinated massive ransomware attack got underway, affecting potentially thousands of organizations around the world. The attack follows the REvil ransomware gang’s exploitation of a zero-day in Florida-based remote management solutions provider Kaseya VSA’s appliance, which reaches 36,000 primarily managed service provider customers worldwide. The gang used a malicious update for the VSA software to deploy ransomware on enterprise networks.

Kaseya said that only a few on-premises customers were affected because it took a conservative approach to shut down the affected servers. Kaseya plans to fix the zero-day flaw in a few days but urges customers to leave their VSAs switched off. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency said it is monitoring the situation and advises organizations to review an advisory by Kaseya and shut down their VSA…