
Rapid7 : Managed Service Providers Used in Coordinated, Mass Ransomware Attack Impacting Hundreds of Companies

07/02/2021 | 05:29pm EDT
Rapid7 is aware of and tracking all information surrounding a coordinated, mass ransomware attack reported to be affecting hundreds of organizations. Huntress Labs is maintaining a public Reddit thread documenting the scope and triage of an event that has, so far, stemmed from 8 managed service providers.

Evidence points to a supply chain attack targeting Kaseya VSA patch management and monitoring software. Ransom notes suggest REvil is behind the coordinated attack.

Rapid7 Managed Detection and Response teams suggest that, out of an abundance of caution, organizations that use either an on-premises Kaseya VSA solution or the Kaseya cloud-based VSA solution perform the following steps immediately:

  • Disable or uninstall the Kaseya agent
  • If you host the Kaseya management server, shut down this system (Kaseya also strongly suggests this course of action)

Kaseya appears to be providing updates via their public helpdesk page, and their status page provides visibility into the status of their hosted infrastructure.

Researcher @BushidoToken has provided a link to a GitHub gist containing the REvil configuration dump, which includes indicators of compromise that organizations may be able to use to detect evidence of these actors operating in their infrastructure.

Rapid7 will update this post as more information becomes available.

Disclaimer

Rapid7 Inc. published this content on 02 July 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 02 July 2021 21:28:03 UTC.


