July 6, 2021

CYBER ALERT: Kaseya VSA Supply-Chain Ransomware Attack

by: Align

As of July 6th, there is an ongoing cybersecurity attack involving the Kaseya VSA application. Align Managed Services clients remain absolutely unaffected, as Align does not use the Kaseya tool, however, because this incident may affect the investment adviser industry at large, we put together a list of the salient points of the recent attack below. 

Kaseya VSA Ransomware Attack

WHAT: 

A broad-scale REvil ransomware attack has been reported against a key remote monitoring application, which may affect individual investment management firms either directly or indirectly through the supply-chain of managed IT service providers (“MSPs”) that many firms outsource their IT function to.

WHO: 

Kaseya VSA is a remote monitoring and management tool often utilized by MSPs. Both Kaseya and the US Cybersecurity and Infrastructure Agency (CISA) have advised to anyone who uses Kaseya VSA to immediately shutdown any VSA servers.

HOW:

Currently, Kaseya believes the attack is delivered through a Kaseya VSA update that maliciously pushes the REvil ransomware onto victims’ machines. Before encrypting a given machine, it immediately blocks administrative access to the VSA tool, rendering the affected machine helpless. From there, attackers encrypt the target files and demand a ransom.

WHEN: 

As of July 6, 2021, the advisory alert directing those parties affected to shutdown the Kaseya VSA servers remains in effect as this matter continues to evolve and be investigated. Further developments are expected.

Next Steps 

For Align clients, there is nothing to do. For those investment managers that outsource their IT function through an MSP, here is what to expect: 

  • Your MSP should have issued an alert on whether its services or solutions were affected, whether directly or indirectly.
  • If no such alert or notice has been proactively issued, then each manager should immediately contact their MSPs designated account manager (or other IT consultant or advisor) to determine if the services being delivered include the Kaseya VSA tool.

Align Cybersecurity™

If you have been affected by the Kaseya VSP attack, Align Cybersecurity™ can help with your response and recovery efforts.

Align Cybersecurity™ is Align's leading-edge cloud services and robust cybersecurity advisory practice. It assesses and addresses evolving cybersecurity threats, and allows our clients to create customizable solutions that mitigate risk and compliance burdens while empowering secure, agile, mission-critical services. 

If you are unable to contact your MSP or cannot get a clear answer, please feel free to reach out to Align today. 

Speak To A Cybersecurity Specialist

 

Continue Reading

Related Articles

★★★★★

“Align is our trusted provider for all our Managed Services and cybersecurity needs. They provide us best-in-class IT services that not only help drive productivity and growth, but ensure we meet both current and evolving compliance and security requirements with ease. As consultants to financial advisors, trust and reliability are indispensable to our operations, which is why we never hesitate to refer Align to our very own client base. Align isn’t just our partner, they are an extension of our team. We look forward to entrusting them with our IT infrastructure for years to come.”

Ed Fasano - Experienced Advisory Consultants LLC