Kaseya announced a security breach detection tool for customers of its VSA remote monitoring and management product amid weeks of ransomware fears.
The tool is not currently on the website but can be requested by email at [email protected] with the subject “Inquiry about the compromise detection tool”.
On Friday, a REvil ransomware affiliate began exploiting a zero-day vulnerability in Kaseya VSA at multiple managed service providers and eventually encrypted thousands of downstream accounts. Kaseya immediately recommended that customers turn off the product.
According to a company update on Saturday evening, Kaseya received just one new infection report on Saturday, from a client that had kept its VSA server turned on.
“We feel confident we understand the scope of the problem and we work with each customer to do everything possible to remedy the situation. We believe that any VSA client who is a SaaS customer or local VSA customer who has their server turned off is currently not at risk,” the company wrote.
Kaseya had announced on Friday evening that it believed it had identified the vulnerability and was working on a patch. The Saturday update expressed even more confidence that a patch would be available soon.
“We have started correcting the code and will be posting regular status updates on our progress tomorrow [Sunday]. We will work with selected customers to test the changes in the field once we have completed the work and thoroughly tested it in our environment,” the company wrote.
That a REvil partner is using a zero-day to target a popular RMM program raised eyebrows in the security community. It is uncommon for ransomware operators to have access to what would otherwise be an expensive tool sold to nation states on the gray market.
“This is unprecedented,” said Jake Williams, chief technology officer of BreachQuest and Rendition Infosecurity. “This is the first time we see it, but I think it is nowhere near the last. It’s a kind of self-fulfilling prophecy. The more people they pay here, the more resources they have to either buy or research on the next zero day.”