Our thoughts go out to the many MSPs, and customers, dealing with the latest supply chain ransomware attack today.
As has now been reported in the main stream media, Kaseya, one of the market’s leading infrastructure management tools, has been compromised – allowing hackers to administrator access into the infrastructure of many MSPs customers. Using this privileged access, hackers have been able to simultaneously deploy ransomware across at least a thousand companies globally. International media are describing it as the biggest supply chain ransomware attack on record.
These so-called supply chain ransomware attacks are particularly nasty. By compromising the manufacturer of the software, the hackers can then hijack the legitimate distribution systems and turn approved software into a Trojan horse for further attacks on the customer’s data and systems.
Common security defenses, such as application whitelisting, are ineffective as the application is actually supplied by the software vendor, and will happily pass through the usual application approval processes.
Whilst we have never used Kaseya here at BlueScale, it has historically been a great tool – one we considered using back in our early days. Many MSPs here in Australia would be using it, and we empathize with their pain, and the pain of their customers today. Hopefully, with US Government Security Agencies now involved, the situation can be resolved without further data loss.