The Centre for Cyber security Belgium (CCB), is aware of an active supply chain attack campaign abusing the Kaseya VSA software to deploy a variant of the REvil ransomware.
The Supply chain attack has a global impact. Currently, eight managed service providers fell victim to this attack impacting about 200 client organisations.
Organisations that are using Kaseya VSA must disable their Kaseya VSA server instances immediately!
The manufacturer of the Kaseya software has disabled all their VSA instances on their SaaS platform to protect their clients.
- The CCB advises administrators of Kaseya VSA servers to follow the advice of Kaseya and disable all Kaseya VSA server instances, at least until more information is available.
- The CCB advises organisations that offer Kaseya, to inform the clients of this threat and take the appropriate actions.
- The CCB advises organisations to upscale monitoring and detection capabilities to detect any related suspicious activity to ensure a fast response in case of an intrusion.