Kaseya VSA Ransomware Attack
A broad-scale REvil ransomware attack has been reported against a key remote monitoring application, which may affect individual investment management firms either directly or indirectly through the supply-chain of managed IT service providers (“MSPs”) that many firms outsource their IT function to.
Kaseya VSA is a remote monitoring and management tool often utilized by MSPs. Both Kaseya and the US Cybersecurity and Infrastructure Agency (CISA) have advised to anyone who uses Kaseya VSA to immediately shutdown any VSA servers.
Currently, Kaseya believes the attack is delivered through a Kaseya VSA update that maliciously pushes the REvil ransomware onto victims’ machines. Before encrypting a given machine, it immediately blocks administrative access to the VSA tool, rendering the affected machine helpless. From there, attackers encrypt the target files and demand a ransom.
As of July 6, 2021, the advisory alert directing those parties affected to shutdown the Kaseya VSA servers remains in effect as this matter continues to evolve and be investigated. Further developments are expected.
For Align clients, there is nothing to do. For those investment managers that outsource their IT function through an MSP, here is what to expect:
- Your MSP should have issued an alert on whether its services or solutions were affected, whether directly or indirectly.
- If no such alert or notice has been proactively issued, then each manager should immediately contact their MSPs designated account manager (or other IT consultant or advisor) to determine if the services being delivered include the Kaseya VSA tool.
If you have been affected by the Kaseya VSP attack, Align Cybersecurity™ can help with your response and recovery efforts.
Align Cybersecurity™ is Align's leading-edge cloud services and robust cybersecurity advisory practice. It assesses and addresses evolving cybersecurity threats, and allows our clients to create customizable solutions that mitigate risk and compliance burdens while empowering secure, agile, mission-critical services.
If you are unable to contact your MSP or cannot get a clear answer, please feel free to reach out to Align today.