Kevin Beaumont (@Gossithedog) writes:
Kaseya VSA is a commonly used solution by MSPs — Managed Service Providers — in the United States and United Kingdom, which helps them manage their client systems. Kaseya’s website claims they have over 40,000 customers.
Four hours ago, an apparent auto update in the product has delivered REvil ransomware.
By design, it has administrator rights down to client systems — which means that Managed Service Providers who are infected then infect their client’s systems.
Read more on DoublePulsar.com
And if you’re on Twitter, read this thread and follow Kevin.
Related: https://us-cert.cisa.gov/ncas/current-activity/2021/07/02/kaseya-vsa-supply-chain-ransomware-attack