Ransomware Attack Via MSP Locks Customers Out of Systems
Earlier this week, an unidentified threat actor managed to launch a massive ransomware attack resulting in the encryption of between 1,500 to 2,000 endpoint devices belonging to users of a single US managed service provider (MSP). The MSP was subsequently urged to pay a ransom of $2.6 million to have the systems unlocked.
The attacker managed the feat by exploiting a security flaw in VSA RMM, a software tool from Kaseya that is designed for the remote monitoring and management of servers and other computer devices. Like many MSPs, the targeted firm uses the software for client systems. The attack has amplified existing fears over the possibility of large-scale cyberattacks on MSPs. Chris Bisnett of Huntress Labs, the cybersecurity company working with the MSP, stated that “[e]veryone is looking at the attack and saying, ‘This could have been me.'”