Preparing For Next Time
The REvil gang pulled off one of the biggest ransomware heists in years, exploiting a vulnerability in Kaseya’s on-premises VSA remote monitoring and management (RMM) tool to compromise nearly 60 MSPs, then encrypt the data of, and demand ransom payments from, up to 1,500 of their end-user customers.
Kaseya said the cybercriminals were able to exploit vulnerabilities in its VSA tool to bypass authentication and execute arbitrary commands. This allowed REvil to leverage the VSA product’s standard functionality and deploy ransomware to customer endpoints. The Kaseya ransomware attack also left more than 36,000 MSPs without access to the company’s flagship VSA product for nearly 10 days.
CRN spoke with 10 C-suite executives and threat researchers during Black Hat USA 2021 about what MSPs must do following the Kaseya ransomware attack. From scrutinizing the security of acquired assets and conducting pen tests in software development environments to putting east-west segmentation in place and limiting the access MSPs have in customer environments, here’s what experts recommend.