SafeBreach Hacker’s Playbook Updated for CISA-FBI Advisory for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
SafeBreach Labs has updated the Hacker's Playbook™ with new attack methods for the Kaseya VSA ransomware attack, including the ransomware samples, domains, and URLs described in the CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack. The guidance addresses a global supply-chain ransomware attack against multiple managed service providers (MSPs) and their customers. The campaign leveraged a vulnerability in the Kaseya VSA (Virtual System/Server Administrator) software that allowed the attackers to take control of the affected MSPs' remote management tool and deploy a REvil ransomware launcher to encrypt the systems of the MSPs' clients.
News of this ransomware attack broke before the start of the July 4th holiday weekend, and details of its potential impact will only become evident as companies resume business on Tuesday, July 6th.
The new attack methods for CISA-FBI Advisory Re: Kaseya VSA Ransomware Attack are already in the SafeBreach Hacker’s Playbook and ready to be run across your simulators. The Known Attack Series report is updated so you can run the specific attacks from this US-CERT alert. From the Known Attack Series report, select the Malware - REvil Ransomware (Kaseya) report, then select Run Simulations, which will run all attack methods.