Kaseya VSA Supply-Chain Attack
What is Kaseya VSA Supply-Chain Attack?
A July 2021 supply-chain ransomware attack in which REvil exploited zero-days in Kaseya VSA to push ransomware to roughly 1,500 downstream organizations.
On 2 July 2021, the REvil / Sodinokibi ransomware group exploited several zero-day vulnerabilities, including the authentication-bypass CVE-2021-30116, in Kaseya's VSA remote monitoring and management platform. The group abused VSA's legitimate agent to push REvil ransomware to managed-service providers and their customers. Systems at around 60 MSPs and approximately 1,500 downstream businesses globally were encrypted, including those of the Swedish grocery chain Coop. REvil demanded 70 million USD for a universal decryptor before its infrastructure went offline. The FBI later obtained a decryption key. The incident became a defining case for MSP supply-chain risk and prompted renewed scrutiny of RMM software security.
● Examples
- 01: An MSP's VSA server is abused to deploy REvil to hundreds of small-business endpoints simultaneously.
- 02: Coop closes 800 stores in Sweden after point-of-sale systems are encrypted via its MSP.
● Frequently asked questions
What is Kaseya VSA Supply-Chain Attack?
A July 2021 supply-chain ransomware attack in which REvil exploited zero-days in Kaseya VSA to push ransomware to roughly 1,500 downstream organizations. It belongs to the Vulnerabilities category of cybersecurity.
How do you defend against Kaseya VSA Supply-Chain Attack?
Defences for Kaseya VSA Supply-Chain Attack typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Kaseya VSA Supply-Chain Attack?
Common alternative names include: REvil Kaseya attack, CVE-2021-30116.