Background
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed reporting that organisations globally have been impacted by the Kaseya VSA compromise and REvil ransomware.
The ASD’s ACSC has also received reporting from impacted Australian organisations.
The ASD’s ACSC is aware that a vulnerability in the Kaseya VSA platform enabled the REvil group to distribute malware through update mechanisms within Kaseya VSA with the intent of encrypting and ransoming data held on victim networks. For more information, please refer to Kaseya’s notification. Early reporting of this issue suggested a supply-chain attack; Kaseya advise that malicious actors exploited a critical vulnerability (CVE-2021-30116) in the platform to deploy ransomware.
Update and Mitigation
On 12 July 2021, Kaseya released a patch which mitigates the ongoing risk to organisations of compromise through this activity. Please see Kaseya’s page for instructions on how to prepare your VSA server to safely apply this patch.
Assistance
The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required.
Organisations that have been impacted or require assistance can contact the ASD’s ACSC via 1300 CYBER1.