Attackers carried out a supply chain ransomware attack by leveraging a zero-day vulnerability in Kaseya’s VSA software on Friday July 2, 2021. A compromised Kaseya update reached VSA on-premises servers from where, using the system’s internal scripting engine, the ransomware was deployed to all connected client systems.
For official ongoing updates and instructions from Kaseya, visit https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689.
Webroot has been closely monitoring this situation since first encountering the associated malicious payloads at 16:46 GMT. After quickly determining these payloads to be malicious, all endpoints began detecting and blocking the supply chain attack in real time for our customers.