The attack on Kaseya and its VSA solution (cloud-based patching software that helps manage endpoint detection and network monitoring) impacts not only the managed service providers (MSPs) who typically employ this software, but also the corporate clients Kaseya provides services to.

REvil is rapidly spreading, raising alarm in the cybersecurity community. Current reports suggest over 200 businesses have been successfully attacked and their files encrypted. It's also confirmed that these attacks are geographically distributed. Kaseya has issued a notice that it has shut down its cloud servers and it advises customers to immediately turn off their instances of VSA.

Take action

Organisations should exercise extra vigilance. Here are some key steps you can take immediately:

  • Check your endpoint detection and response (EDR) solutions for indicators of compromise (IOCs) related to this campaign and any other malicious activities
  • Supply chain attacks are becoming quite common, so be aware of the updates you are installing
  • If possible, install updates in a test environment before rolling them out to production
  • Scrutinise links in emails and don't click on them if you have any doubt they may not be legitimate
  • Do not open attachments included in unsolicited emails
  • Review your ransomware response playbook
  • Please make sure your third-party suppliers are vetted and reviewed regularly and limit the access you provide to external contractors
  • Perform regular updates to applications and host operating systems
  • Take offline backups of your critical assets' 'known good' configuration.

If you have become a victim of an attack, don’t pay the ransom. Ensure you run a thorough investigation of your environment and determine what has been compromised. Whilst paying the ransom might release the encryption, you can’t be sure that attackers haven’t planted further malware elsewhere. If you’re unsure where your vulnerabilities currently sit, arrange for a thorough security assessment as soon as you can.

Prepare your organisation, leadership team, and employees for any potential future threats. If your organisation requires urgent assistance, please reach out to Datacom.

Matthew’s 19 years of experience in business and IT has honed a set of skills targeted towards bridging the worlds of business and technology and making people the centre of progress. He is passionate about cybersecurity and the issues faced by organisations of all sizes.
