07/06/2021
A ransomware attack leveraging a zero-day vulnerability in Kaseya s VSA management solution may have affected about 60 managed service providers (MSPs) and almost 1,500 of their business customers.
The so-called supply-chain attack, attributed to the REvil ransomware gang (a.k.a., Sodinokibi ), was acknowledged by Kaseya in this rolling series of posts, dating back to July 2. Kaseya provides its VSA solution as a service, hosted from its datacenters, but the management software also gets installed on local servers (on customer premises). VSA is typically used by MSPs to provide outsourced IT support to businesses.
Early on, Kaseya shut down its VSA servers and urged its customers using VSA on local infrastructure to do the same. However, the vulnerability had already been leveraged by the attackers, affecting MSPs and businesses.