Hundreds Of US Companies Potentially Rocked By ‘Colossal’ Supply Chain Ransomware Attack
Yesterday, Kaseya reported at 4:00 pm EST that it was "experiencing a potential attack against the VSA," its remote monitoring and management tool. At the time, it was recommended that VSA customers immediately shut down servers until further notice, as the attacker would first disable administrative access to VSA if they managed to breach the system.
Kaseya also provided an update today explaining that it is still looking into the situation, but the warning to keep VSA servers down until further notice remains. As for anyone who has been affected by the ransomware, outside experts for Kaseya suggest that if you receive communication from the threat actor, "you should not click on any links" as "they may be weaponized." The update also noted that we can expect a comprehensive report later today that will cover information about the incident and the recovery process.
However, it is feared that this increase in attacks has already begun after the recent Colonial Pipeline ransomware incident that crippled half of the eastern seaboard's fuel supply effectively overnight. Coupling this with the recent uptick in attacks such as Kaseya's does not provide a great trajectory for security. Thus, companies and governments alike need to invest in cybersecurity before something worse happens; it is now just a matter of when, not if.