Supply-chain attack on Kaseya impacting 1000+ businesses
REvil ransomware pushers exploit zero-day flaw in Kaseya VSA to infect MSPs and their customers.
More than 1000 businesses from around the world have reportedly been impacted in a supply-chain attack where hackers exploited a vulnerability in a remote computer management tool called Kaseya VSA to deploy the REvil ransomware.
Kaseya shut down its cloud-based service and urged all users with on-premises deployments, which includes many managed services providers (MSPs), to immediately shut down their vulnerable servers until a patch is released.
This is not the first time cyber criminals and ransomware gangs have targeted MSPs as an easy way to gain access into corporate networks. Defending against this attack vector is not easy for many organisations since outsourcing IT administration means giving MSPs highly privileged access into their networks and systems.
Supply-chain attack on Kaseya remote management software targets MSPs (csoonline.com)
It’s not widely known to consumers and small business users that Microsoft offers built-in ransomware protection.
Turning it on is pretty simple: type Ransomware Protection into the Windows 10 Cortana search bar (typically at the bottom left of the screen), then select the Ransomware Protection screen.
Toggle on the Controlled folder access. Then you have the option to select which folders you want protected.
Click on Protected folders. The Protected Folders screen should already be populated by folders that are protected by default. You’re also given the option to add other protected folders.
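The same steps can be scripted with the Windows Defender PowerShell cmdlets, which is useful when the setting has to be applied to many machines. This is an added example, not part of the original article; the parameter names and the `D:\` folder paths are assumptions made for illustration. `AuditMode` logs what would have been blocked without blocking it.

```powershell
#Requires -RunAsAdministrator
# Added example: turn on Controlled folder access, add extra protected
# folders, then show the resulting configuration and recent events.
param(
    [ValidateSet('Enabled', 'AuditMode')]
    [string]$Mode = 'Enabled',
    # Constructed sample paths; replace with the folders you want protected.
    [string[]]$ExtraFolders = @('D:\Finance', 'D:\ClientData')
)

$before = [int](Get-MpPreference).EnableControlledFolderAccess
Write-Host "State before: $before (0=Disabled, 1=Enabled, 2=AuditMode)"

# Equivalent of toggling "Controlled folder access" in Windows Security.
Set-MpPreference -EnableControlledFolderAccess $Mode

# Equivalent of "Protected folders" > "Add a protected folder".
foreach ($folder in $ExtraFolders) {
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        Write-Warning "Skipping '$folder': folder not found"
        continue
    }
    $current = (Get-MpPreference).ControlledFolderAccessProtectedFolders
    if ($current -contains $folder) {
        Write-Host "Already protected: $folder"
        continue
    }
    Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    Write-Host "Added protected folder: $folder"
}

# Confirm what is now configured. Default folders (Documents, Pictures,
# and so on) are protected implicitly and do not appear in this list.
$pref = Get-MpPreference
Write-Host "State after: $([int]$pref.EnableControlledFolderAccess)"
Write-Host 'Additional protected folders:'
$pref.ControlledFolderAccessProtectedFolders | ForEach-Object { "  $_" }

# Event 1123 = write blocked, 1124 = write audited (AuditMode).
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```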
The Windows Security console also collects together various features that were previously scattered throughout the Settings app. These include Secure boot, which can defeat rootkits by preventing the BIOS from running startup code that doesn’t have the right cryptographic signature, and Windows Hello, which replaces your password with biometric authentication. Windows’ built-in parental controls are managed from here, too, as is the integrated firewall.
With all this built right into the OS, you might wonder why you’d need to bother installing additional security software. Indeed, a 100% overall protection rating from AV-Comparatives and AV-Test provides pretty good reassurance that, if you simply leave Windows with its default protections enabled, you’re very unlikely to get infected.