[KB8095] Does ESET protect me from the Kaseya VSA and MSP supply-chain attack?

Issue

ESET received reports on July 02, 2021, that Kaseya VSA and MSP may be experiencing a supply-chain attack.

Solution

Does ESET protect me from the Kaseya supply-chain attack?

ESET added detection of this variant of the ransomware as Win32/Filecoder.Sodinokibi.N trojan on July 2nd at 3:22 PM (EDT; UTC-04:00). This detection includes both the main body of the ransomware, as well as DLLs it sideloads.
 
ESET recommends that customers follow the instructions from Kaseya, including the immediate shut down of on-premises VSA servers (and that all on-premise VSA Servers should continue to remain offline until further notice from Kaseya).
 
For the latest information from Kaseya, visit https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689.
 
For more information from ESET researchers, see the WeLiveSecurity article Kaseya supply‑chain attack: What we know so far.

What is Kaseya VSA?

Kaseya VSA is a cloud-based MSP platform that enables providers to perform client monitoring and patch management for their customers.
 

Assistęncia Adicional