An active supply-chain attack is currently underway on Kaseya’s VSA, a product that is used to manage company networks. The supply-chain attack which is being used to distribute ransomware is thought to be the responsibility of the notorious ransomware gang known as REvil.
The ransomware is distributed to clients via an auto-update triggered remotely and therefore, the company Kaseya has urgently requested that any client who has a VSA server running, shut it down immediately. By turning off VSA servers, the chance of a compromise is reduced. The servers should remain off until further notice from Kaseya.
Updates from Kaseya here: https://www.kaseya.com/potential-attack-on-kaseya-vsa/
We will add updates to this post and post through our social media channels.
Don’t forget, our cyber incident response line: 01786 437 472