AskCyberSecurity.com


CISA-FBI Give Kaseya VSA Ransomware Victims Guidance

2021-07-07 by Grace Choi

REvil Ransomware Targets RMM Users: CISA and FBI Provide Instructions

Just before the holiday weekend, REvil ransomware hit Kaseya Virtual System Administrator (VSA), encrypting the company’s files until the attackers’ $70M ransom demand is met. Kaseya has disclosed that 60 of its customers using the VSA on-premises product were compromised in the attack as well. That in turn compromised the clients of those 60 customers, for a total of roughly 1,500 companies.

According to Kaseya, only its on-premises customers were impacted by the attack.

CISA and FBI Advise

After last Friday’s attack, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a list of recommended actions for managed service providers (MSPs) using Kaseya VSA’s services.

If you, as an MSP, were affected by Friday’s attack, CISA and the FBI suggest that you:

  • Download the Kaseya VSA Detection Tool to determine whether any indicators of compromise are present.
  • Enable and enforce multi-factor authentication (MFA) on every account and enable MFA for customer-facing services.
  • Implement allowlisting to limit communication with remote monitoring and management (RMM) capabilities.
  • Place administrative interfaces of RMM behind a virtual private network (VPN) or a firewall on a dedicated administrative network.
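The allowlisting, admin-network and MFA items above can be checked against an exported rule set and account list. The following is an added example, not code from CISA, the FBI or Kaseya; the rule format, addresses, ports and account names are constructed, and the rule check is conservative in that it ignores rule ordering and earlier deny rules.

```python
import ipaddress

def outside_admin(src, admin_nets):
    """True if the source range is not fully inside one admin network."""
    src = ipaddress.ip_network(src)
    return not any(src.version == n.version and src.subnet_of(n) for n in admin_nets)

def exposing_rules(rules, rmm_ip, rmm_port, admin_nets):
    """Names of allow rules that let non-admin sources reach the RMM admin interface."""
    ip = ipaddress.ip_address(rmm_ip)
    nets = [ipaddress.ip_network(n) for n in admin_nets]
    hits = []
    for r in rules:
        if r["action"] != "allow":
            continue
        reaches = ip in ipaddress.ip_network(r["dst"]) and r["port"] in (rmm_port, "any")
        if reaches and outside_admin(r["src"], nets):
            hits.append(r["name"])
    return hits

def accounts_without_mfa(accounts):
    """Accounts that do not have MFA enforced (a missing flag counts as not enforced)."""
    return sorted(a["user"] for a in accounts if not a.get("mfa"))

# Constructed sample data: every address, port and name below is hypothetical.
ADMIN_NETS = ["10.99.0.0/24"]            # dedicated admin network / VPN pool
RMM_IP, RMM_PORT = "10.20.0.5", 443      # RMM administrative interface
RULES = [
    {"name": "vpn-admins", "src": "10.99.0.0/24", "dst": "10.20.0.5/32",
     "port": 443, "action": "allow"},
    {"name": "legacy-any", "src": "0.0.0.0/0", "dst": "10.20.0.0/24",
     "port": 443, "action": "allow"},
    {"name": "office-ssh", "src": "10.10.0.0/16", "dst": "10.20.0.5/32",
     "port": 22, "action": "allow"},
    {"name": "block-guest", "src": "10.50.0.0/16", "dst": "10.20.0.0/24",
     "port": "any", "action": "deny"},
]
ACCOUNTS = [
    {"user": "alice", "mfa": True},
    {"user": "svc-backup", "mfa": False},
    {"user": "bob"},                     # no MFA flag recorded
]

if __name__ == "__main__":
    print("Rules exposing RMM admin:", exposing_rules(RULES, RMM_IP, RMM_PORT, ADMIN_NETS))
    print("Accounts without MFA:", accounts_without_mfa(ACCOUNTS))
```

A rule reported here still needs a manual look at ordering, since an earlier deny may already cover part of its source range.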

Affected MSP customers are urged to take immediate action. This is especially important for MSP customers who do not have their RMM service running after the Kaseya ransomware attack.

Affected MSP customers should:

  • Make sure all of their backups are up to date and stored on a device that is disconnected or “air-gapped” from their company’s network.
  • Revert to manual patch management, following vendor remediation guidance. They should install new patches as they become available.
  • Implement multi-factor authentication (MFA).
  • Implement the principle of least privilege on admin accounts for key network resources.


CISA and the FBI have provided further resources for anyone concerned about the attack or their own exposure. These resources include:

  • Kaseya’s most recent guidance: Important Notice July 3rd, 21
  • General incident response guidance: Joint Cybersecurity Advisory AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity

CISA has called out dangerous cybersecurity practices in the past, and it is important to implement safe practices as soon as possible. A lack of urgency leads to vulnerabilities, and attackers have not stopped pushing forward with increasingly sophisticated and aggressive campaigns. To read up on CISA’s take on bad internet practices, see CISA Calls Out Dangerous Cyber Security Practices.

Filed Under: News Tagged With: CISA, REvil
