Kaseya VSA has been hit with a ransomware attack

    • #2375346

      “C:\Windows\mpsvc.dll is side-loaded into a legit Microsoft Defender copy, copied into C:\Windows\MsMpEng.exe to run the encryption from a legit process.”

      So, if you don’t run Defender you are in the clear?

      • #2375356

        Nope, it uses Defender to run the malware – very clever as Defender is always allowed to run.

        cheers, Paul

        • #2375387

          But 3rd party A/Vs disable Defender, so how can it run?

          • #2375388

            Third-party A/Vs disable the A/V part of Defender.
            Do they disable ALL of the other parts of Defender?

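      The side-loading pattern quoted at the top of this thread (a legitimate MsMpEng.exe copied into C:\Windows next to a malicious mpsvc.dll) gives a defender something concrete to hunt for. The following is an added example, not code from the thread, Kaseya or any vendor: a Python check over constructed process-telemetry records that flags a Defender engine binary running outside the usual Defender directories, or loading mpsvc.dll from somewhere else. The directory list is an assumption about a typical install.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Directories a genuine Defender engine (MsMpEng.exe + mpsvc.dll) normally runs from.
# Assumption for this example; adjust to what your fleet actually uses.
KNOWN_DEFENDER_DIRS = (
    r"C:\Program Files\Windows Defender",
    r"C:\ProgramData\Microsoft\Windows Defender\Platform",
)

@dataclass
class ProcessEvent:
    """One process record, e.g. from EDR/Sysmon telemetry (constructed shape)."""
    pid: int
    image: str                                        # full path of the running executable
    modules: list[str] = field(default_factory=list)  # full paths of loaded DLLs

def _under_known_dir(path: str) -> bool:
    # PureWindowsPath compares case-insensitively, matching NTFS semantics.
    p = PureWindowsPath(path)
    return any(PureWindowsPath(d) in p.parents for d in KNOWN_DEFENDER_DIRS)

def flag_sideload(ev: ProcessEvent) -> list[str]:
    """Reasons this process looks like the MsMpEng.exe/mpsvc.dll side-load; [] if clean."""
    img = PureWindowsPath(ev.image)
    if img.name.lower() != "msmpeng.exe":
        return []
    reasons = []
    if not _under_known_dir(ev.image):
        reasons.append(f"MsMpEng.exe running from unexpected directory {img.parent}")
    for mod in ev.modules:
        m = PureWindowsPath(mod)
        if m.name.lower() == "mpsvc.dll" and not _under_known_dir(mod):
            reasons.append(f"mpsvc.dll loaded from {m.parent}, not a Defender directory")
    return reasons

def scan(events: list[ProcessEvent]) -> dict[int, list[str]]:
    """Map pid -> reasons for every event that trips the check."""
    return {ev.pid: r for ev in events if (r := flag_sideload(ev))}

# Constructed sample telemetry: one genuine engine, one copy dropped into C:\Windows.
SAMPLE_EVENTS = [
    ProcessEvent(1234, r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.5-0\MsMpEng.exe",
                 [r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.5-0\mpsvc.dll"]),
    ProcessEvent(4321, r"C:\Windows\MsMpEng.exe",
                 [r"C:\Windows\mpsvc.dll", r"C:\Windows\System32\ntdll.dll"]),
]

if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_EVENTS).items():
        print(pid, *reasons, sep="\n  ")
```

      Because the engine binary itself is genuine and signed, a path-based check like this (or the equivalent EDR query) catches the pattern where signature checks alone do not.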
    • #2375389

      Almost every Coop food store is out of business today 🙂

      This is how it goes if you put all your eggs in the same basket.

      https://translate.google.com/translate?sl=auto&tl=en&u=https://www.svt.se/nyheter/inrikes/coop-tvingas-stanga-efter-kassahaveri

    • #2375453

      Important Notice July 3rd, 2021

      July 3, 2021 1:30 PM EDT

      Latest Updates will be published at: Important Notice July 3rd, 2021 – Kaseya

      Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to our teams’ fast response, we believe that this has been localized to a very small number of on-premises customers only.

      Kaseya is progressing on the security incident along multiple workstreams:

      Since the security of our customers is paramount, we are continuing to strongly recommend that our on-premises customers’ VSA servers remain offline until further notice…

      We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links – they may be weaponized…

    • #2375625

      0Patch has a free patch for CVE-2021-34527—a critical remote code execution and local privilege escalation vulnerability dubbed “PrintNightmare.”
      ————————————————————–

      Dear 0patch friends,

      You’ve probably been hearing about the critical remotely exploitable “PrintNightmare” vulnerability (CVE-2021-34527) in all Windows systems, which was made public last week and is already getting exploited. There is no official patch from Microsoft yet for this vulnerability.

      We at 0patch have decided to step in and created micropatches that are currently available for:

      1. Windows Server 2019 (updated with June 2021 Updates)
      2. Windows Server 2016 (updated with June 2021 Updates)
      3. Windows Server 2012 R2 (updated with June 2021 Updates)
      4. Windows Server 2008 R2 (updated with January 2020 Updates, no Extended Security Updates)
      5. Windows Server 2012 (updated with June 2021 Updates) – patch scheduled to be released on Monday, 7/5/2021

      We started with patches for the most critically impacted systems, and will issue additional ones for other affected platforms. All Windows Servers from 2008 on are affected at least when they act as domain controller, but new information indicates that all Windows versions (workstations and servers) may be affected via an alternate attack vector. We will be updating our blog post and posting updates on Twitter as we know more.

      These patches are completely FREE and will remain so until Microsoft has issued an official fix for this vulnerability.

      If your computers are affected (at least domain controllers), create a free account for 0patch Central, then install and register 0patch Agent from 0patch.com. Everything else will happen automatically. No computer reboots will be needed.

      Since this is a critical vulnerability without an official fix, please do a favor to everyone you know to be affected and let them know about 0patch. Thank you!

      For more information, please check out our blog post, read our FAQ, or just drop an email to sales@0patch.com. We’re waiting for you.

      Your 0patch Team

      gthomas
    • #2375782

      Meanwhile, the REvil ransomware gang that is responsible for the attack claims on its website that “more than a million systems were infected.”

      According to reports, REvil has been demanding $45,000 to decrypt each infected PC, or $5 million for an entire domain.

      In addition, the REvil ransomware gang is offering to make publicly available a decryption tool that will “decrypt files of all victims” for the princely sum of $70 million worth of Bitcoin.

      Is this the biggest ransomware attack of all time?

      Quite possibly.

      REvil ransomware rampages following Kaseya supply-chain attack

      Windows 11 Pro version 22H2 build 22621.1194 + Microsoft 365/Edge

      • #2375786

        The REvil gang of scumbag digital stooges will be cursing at their foiled plan when the Keystone Cops trace bitcoin payments. Fancy demanding Bitcoin of all the cryptocurrency payment methods. ROTFL

        WaaS = Windows as a Syphon...suckers!

    • #2375874

      fancy demanding Bitcoin of all the cryptocurrency payment methods. ROTFL

      I suppose that a bank’s check will do.

      when the keystone cops trace bitcoin payments

      That was pure luck and negligence of the receiver.

      No one has to date found the $3.6 billion in vanished Bitcoins.