H-ISAC TLP White Threat Bulletin CISA Current Activity - Kaseya VSA Supply-Chain Ransomware Attack July 2, 2021

On July 2, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) has published the Current Activity regarding the .  CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple MSPs that employ VSA software. CISA encourages organizations review the  and immediately follow their guidance to shutdown VSA servers. 

Kaseya released an important notice stating they are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers as of 2:00 PM EDT today July 2, 2021.  The statement is as follows:

"We are in the process of investigating the root cause of the incident with an abundance of caution, but we recommend that you IMMEDIATELY shutdown your VSA server until you receive further notice from us. 

Its critical that you do this immediately, because one of the first things the attacker does is shutoff administrative access to the VSA." 

Health-ISAC's Threat Operations Center will continue to monitor the evolving incident and provide updates as they become available.

 

 

 

 

 

Key Resources

Related Resources

Advancing Health Podcast
Leadership Dialogue Series: Cybersecurity and the Fight to Safeguard Health Care
Public
Special Bulletin
UPDATE: AHA and Health-ISAC Threat Advisory: FBI Advises No Specific Credible Threat Targeting Hospitals
Public
Special Bulletin
AHA and Health-ISAC Bulletin on Threat to Hospitals
Member
AHA Center for Health Innovation Market Scan
Rural Hospitals Move to Enhance Cybersecurity
Advancing Health Podcast
Critical Condition: Cybersecurity in Rural Hospitals with Microsoft Part 2
Advancing Health Podcast
Critical Condition: Cybersecurity in Rural Hospitals with Microsoft Part 1
Public