Issue
ESET received reports on July 02, 2021, that Kaseya VSA and MSP may be experiencing a supply-chain attack.
Solution
Does ESET protect me from the Kaseya supply-chain attack?
ESET added detection of this variant of the ransomware as Win32/Filecoder.Sodinokibi.N trojan on July 2nd at 3:22 PM (EDT; UTC-04:00). This detection includes both the main body of the ransomware, as well as DLLs it sideloads.
ESET recommends that customers follow the instructions from Kaseya, including the immediate shut down of on-premises VSA servers (and that all on-premise VSA Servers should continue to remain offline until further notice from Kaseya).
For the latest information from Kaseya, visit https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689.
For more information from ESET researchers, see the WeLiveSecurity article Kaseya supply‑chain attack: What we know so far.
What is Kaseya VSA?
Kaseya VSA is a cloud-based MSP platform that enables providers to perform client monitoring and patch management for their customers.
If you are using Kaseya on-premises VSA, see Kaseya's article to make sure you are prepared to receive the VSA patch and critical security fixes.
