Cybersecurity experts have discovered that REvil, the group responsible for last month's JBS ransomware attack, are now leveraging Kaseya VSA to target hundreds of companies worldwide.
Kaseya VSA is a software used by MSPs to manage and distribute software updates to their clients. Unlike normal "supply-chain attack" strategies, REvil is using this method to conduct what Brett Callow, a threat analyst at Emsisoft, calls the "largest and most significant" attack to date, in a comment to The Wall Street Journal.
Once made aware of the attack, Kaseya shut down its servers and began investigating, uncovering that only clients who were running local servers would be affected. Even so, this marks another attack on MSPs - the eighth MSP attack by REvil to date, according to Huntress.
With the long holiday weekend underway, it won't be known how many businesses have truly been impacted until early next week as workers return to the office. After Friday's attack, Wired reports that 200 businesses have already been impacted with more likely to emerge.
SeedSpark is constantly monitoring the cybersecurity landscape, partnering with leading firms to provide our clients with coverage that they can rely on. As MSPs continue to become increasingly large targets for malware and ransomware attacks, we will continue to monitor the landscape and leverage every tool at our disposal to protect out clients and keep them informed of the latest situations.
For more information, read our blog on how a ransomware attack works to understand more about the basic strategies that hackers are using each week to tap into business data.
