Updated: July 13, 2021
Note: Kaseya has released a patch for this critical vulnerability, which is described here. If you use the Kaseya VSA product, please follow these directions before turning the server back on.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a recent ransomware attack against Kaseya VSA (Virtual System Administrator).
Netsurion's EventTracker SOC recommends that you confirm the mitigation steps have been followed if Kaseya VSA components are in use in your organization.
A.N. Ananth, president and chief strategy officer, breaks down what exactly happened with the Kaseya VSA ransomware attack, how it compares to the SolarWinds supply chain attack, what the ramifications are for you and future attacks, and lessons learned for managed service providers (MSPs) and in-house cybersecurity teams.
Kaseya issued a notification about an attack against VSA, its Remote Monitoring and Management tool, for on-premises customers.
As the screenshots below indicate, this malicious behavior was prevented for EventTracker Endpoint Security customers. So, those customers have time to shut down their VSA servers when ready. However, if you do not have EventTracker Endpoint Security coverage, you must act now to shut down your VSA servers, as you are not protected.
As an additional point of validation, Netsurion highly recommends reviewing and removing any exclusions that have been put in place for Kaseya directories, including the common working directory C:\kworking, which Kaseya recommends be excluded in anti-virus (AV) products.
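One way to carry out that exclusion review is sketched below as an added example; it is not Netsurion's or Kaseya's code. It assumes the endpoint AV is Microsoft Defender (other products store exclusions elsewhere), and the `kaseya` match string is an assumption; only C:\kworking is named in this advisory.

```powershell
#Requires -RunAsAdministrator
# Added example: audit Microsoft Defender exclusions that reference Kaseya directories.
# Assumption: Defender is the AV in use; run elevated so exclusions are visible.
param(
    # Substrings treated as Kaseya-related. 'kworking' comes from the advisory;
    # 'kaseya' is an assumed catch-all for other Kaseya install paths.
    [string[]]$Needles = @('kworking', 'kaseya'),
    # Report only by default; exclusions are removed only when -Remove is given.
    [switch]$Remove
)

$pref  = Get-MpPreference
$kinds = 'ExclusionPath', 'ExclusionProcess'

# Collect every path or process exclusion whose value contains one of the needles.
$hits = foreach ($kind in $kinds) {
    foreach ($entry in @($pref.$kind)) {
        if (-not $entry) { continue }            # property is empty when nothing is excluded
        foreach ($n in $Needles) {
            if ($entry -like "*$n*") {           # -like is case-insensitive
                [pscustomobject]@{ Kind = $kind; Entry = $entry }
                break                            # one match per entry is enough
            }
        }
    }
}

if (-not $hits) {
    Write-Output 'No Defender exclusions reference Kaseya directories.'
    return
}

$hits | Format-Table -AutoSize

if ($Remove) {
    foreach ($h in $hits) {
        # Build the parameter name from the exclusion kind, e.g. -ExclusionPath 'C:\kworking'
        $arg = @{ ($h.Kind) = $h.Entry }
        Remove-MpPreference @arg
        Write-Output "Removed $($h.Kind): $($h.Entry)"
    }
}
```

An exclusion on a parent folder (for example a whole drive) also covers C:\kworking but will not match these substrings, so review the full exclusion list as well.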
We are continuing to monitor attack patterns related to the Kaseya VSA supply chain attack and will resume IOC updates in the EventTracker Threat Center.