Kaseya ransomware

JasonWalker · July 2, 2021, 11:43pm

I’m not sure whether any of our BigFix customers are also using Kaseya, but there is currently a widespread ransomware attack targeting MSPs/Kaseya customers. Early reports are indicating this is very widespread.

Kaseya is recommending customers shut down any on-premise VSA servers immediately.

I’m gauging whether there’s interest in providing IoC content for BigFix to check for compromise. Please direct message me if this would be useful.

https://us-cert.cisa.gov/ncas/current-activity/2021/07/02/kaseya-vsa-supply-chain-ransomware-attack

JasonWalker · July 6, 2021, 8:00pm

There was, (a little), interest in building IoCs for this. I’m not entirely optimistic, as it looks to me like the damage may be done by the time these files show up on the system, but I still hope this helps someone.

If anyone has Kaseya agents, I could use some help validating the Analysis I’ve posted at https://bigfix.me/analysis/details/2998641

Any feedback & collaboration, at all, is much appreciated!

HowardGrace · July 7, 2021, 2:37pm

Interesting! Thx for sharing!