If you want all of their interim updates, follow their main advisory post.
Rather than continuing to share all their updates (including some that haven’t come to pass), we will wait to update this post until they have solidly released a patch and/or restored the SaaS service. They say they will email clients a video from their CEO with more detail, but it appears the on-premises VSA patch will not come out today (nor is the SaaS service restored). It appears they will not meet some of the times and dates they shared earlier today. We have been sharing Kaseya’s interim updates about both the restoration of their VSA SaaS service and the patches for their on-premises version. There is a saying that, “people plan, God laughs,” essentially meaning the best-laid plans don’t always execute exactly as desired in the real world. Update 6: Kaseya release delays People plan, God laughs (July 7, 2021, 4pm PT): We have also since added all of this threat’s signatures and IoCs to our threat intelligence too, but either of those features would have prevented this even before those signatures and threat intelligence. As previously mentioned, we will update you as soon as Kaseya starts releasing their patches. HRP also triggers on the Kaseya ransomware, and prevents it from encrypting files. However, we have also tested TDR’s Host Ransomware Prevention (HRP) capability, which is a behavioral analysis model that HRP applies to all running processes. If you configure TDR to use APT Blocker, that alone would have caught it. It does, and in multiple ways! As mentioned, our APT Blocker service did detect the Kaseya ransomware the day it was released. In better news, after sharing how our endpoint products detected the Kaseya ransomware, we have had many queries on whether or not our Firebox Threat Detection and Response (TDR) service and agent can also detect it. So if you receive one with those, that is a potential malicious indicator. Kaseya has promised that going forward they will not include any links or attachments in the email updates they send.
You should remain skeptical of any emails claiming to be from Kaseya, and be sure to try to validate them as much as possible (pay attention to the full sender domains and the contents). These emails can contain malicious links or attachments. Kaseya has warned that they have seen threat actors sending spam and phishing emails that pose as Kaseya updates or advisories about this incident. While the Kaseya VSA SaaS service is not yet restored (expected Sunday) and patches are not out yet, we do have a few relevant updates we wanted to share, including one warning. Update 7: TDR coverage and Kaseya related phishing (July 9, 2021, 8:30am PT): This post came out on Friday, but we will continue to update it as we learn more information; scroll to the bottom to see the first post, with the latest updates at the top.
WatchGuard’s endpoint products, like WatchGuard EPDR, Panda AD360, and others, can catch the dropped ransomware. Anyone using an on-premises Kaseya VSA server (this does not seem to affect the SaaS version) should turn it off or remove it from their network until Kaseya releases the fix. The attack exploited unpatched vulnerabilities in the Kaseya product that Kaseya is working on fixing ASAP. Kaseya says around 1500 companies (so far), many of them customers of MSPs, have been affected, and the attackers (the REvil gang) are asking $70 million in ransom. On Friday, July 2, some MSPs using the on-premises version of Kaseya VSA suffered ransomware attacks that trickled down to their customers. Managed Service Providers (MSPs), especially ones using Kaseya VSA, should read this and take action as soon as possible.