💰🔗💣

Kaseya Security Incident

2/07/2021 1688 days ago Resolved

Incident Overview

Situation Description

Kaseya experienced a significant ransomware attack via its VSA supply chain product, impacting numerous MSPs and their customers.

Event Types

Ransomware Supply Chain Compromise Malware / Destructive Attack

Industry Sector

Technology

Geographic Scope

Global

Response Actions

Conducted Threat Hunting & Eradication Shared Threat Intelligence

Impact Analysis

Event Types (3 identified)

Ransomware Supply Chain Compromise Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Primary Impacts

Operational Disruption Financial Loss

Key Decisions Made

The Huntress team developed and deployed a 'vaccine' to mitigate the ransomware's impact on their partners.; Kaseya has not disclosed the origin of the universal decryption key.; Organizations should regularly evaluate their security stack and work with vendors to properly configure tools.

Technical Analysis

Attack Method

Supply Chain Compromise

Threat Actor Attribution

REvil

Vulnerability / Tool

Kaseya VSA

Additional Information

Home Blog Recap: Lessons Learned During the Kaseya VSA Supply Chain Attack Published: July 28, 2021 Recap: Lessons Learned During the Kaseya VSA Supply Chain Attack By: Team Huntress On July 2, 2021, as many people in the United States were preparing for the July 4 holiday, a major ransomware attack began to unfold . The REvil ransomware group carried out a sophisticated supply chain attack against Kaseyas VSA product. The attack is believed to have affected between 50 and 60 MSPsand between 1,500 and 2,000 of their customers. This attack was a prime example of attacker tradecraft becoming more sophisticated. The targetsIT resellers and MSPsact as a gateway to dozens, hundreds or even thousands of SMBs. Unfortunately, this was one of the most complex and successful ransomware attacks in recent memory. Look no further than the news headlines that surfaced to see how groundbreaking and sophisticated this attack was. Now that a decryption key is available and we seem to be on the downward slope of the rollercoaster, we have an opportunity to look back and capture some important lessons and learnings that can help this industry try to combat these threats more effectively. What Happened The Huntress team first became aware of the incident after three separate MSP partners reached out to us, noting that they along with their customers had been hit with ransomware. These reports reached us within half an hour of each other, which immediately made us question if this was part of a larger attack. As the number of compromised victims continued to grow, it became clear that the only commonality between them was the usage of on-premises Kaseya VSA. As soon as we had enough information to do so, we began providing real-time updates on our rapid response blog as well as our Reddit post . Now, we want to dive a bit deeper into the incident to learn all we can from it to be better prepared for the next event. The Attackers' Perspective This attack marked an exceptional...

... (truncated for display)

Quick Facts

Company:: Kaseya
Date:: 2/07/2021
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 28/07/2021

Source Information

Original Query

"Kaseya" VSA ransomware attack "supply chain" response

View Original Source

Timeline

Information Published

28/07/2021

Incident Occurred

2/07/2021 (1688 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats