/

FBI Works With CISA to Respond to Kesaya Ransomware Attack

2 mins read
Industrial Control System
Industrial Control System

The FBI has called on organizations to follow Kaseya’s guidance and perform all recommended mitigation measures as it continues to coordinate with the Cybersecurity and Infrastructure Security Agency (CISA) in response to a ransomware attack against managed service providers and their clients involving a vulnerability in Kaseya VSA software.

The FBI said Sunday organizations should immediately shut down their VSA servers and file a report via the ic3.gov calling them to “include as much information as possible” to help CISA and the bureau determine how to prioritize outreach to impacted entities.

CISA and the bureau issued joint guidance urging affected MSPs to download the Kaseya VSA detection tool, enable multifactor authentication on every single account and implement allowlisting to limit communication with remote monitoring and management capabilities.

MSP customers should ensure backups are updated and stored in an easily retrievable site, adopt a manual patch management process that complies with vendor remediation guidance and implement multifactor authentication and principle of least privilege on key network admin accounts.

The Washington Post reported that a group of hackers, called REvil, is demanding a ransom payment of $70 million in bitcoin to unlock the files of thousands of businesses affected by the attack.

“We are confident we understand the scope of the issue and are partnering with each client to do everything possible to remediate,” Kesaya said in an update.

Anne Neuberger, deputy national security adviser for cyber and emerging technology and a 2021 Wash100 Award winner, issued a statement Sunday saying the president had “directed the full resources” to investigate the breach.

Supply Chain Cybersecurity: Revelations and Innovations

If you want to hear cybersecurity experts talk about how the tech supply chain can reduce the risk of cyberattacks and get ahead of hackers, then check out ExecutiveBiz's Supply Chain Cybersecurity: Revelations and Innovations forum coming up on Oct. 26. To register for this virtual forum and view other upcoming events, visit the ExecutiveBiz Events page.