Customers of 3 MSPs Hit in Ransomware Attacks

Ransomware recently hit three managed services providers (MSP) after access was obtained to tools that remotely monitor and manage client systems. The two tools that were used for remote management and ransomware deployment were Webroot and Kaseya. The vendors disclosed that stolen credentials were likely used to access their tools at the MSP locations. What isn't clear, is how the attackers achieved their access to the Webroot console. Kyle Hanslovan with Huntress Labs said, 'We've yet to see anything that would suggest the issue is a global Webroot vulnerability.' John Durant, CTO at Kaseya said, 'We continue to urge customers to employ best practices around securing their credentials, regularly rotating passwords, and strengthening their security hygiene.'

Relevant URL(s): https://www.darkreading.com/attacks-breaches/customers-of-3-msps-hit-in-ransomware-attacks/d/d-id/1335025