MSP customers infected with ransomware after attack via management tool
Customers of a US managed service provider (MSP) have been infected with ransomware after an attack carried out through the tool that the MSP uses to remotely monitor and manage customer systems. According to Dark Reading, the attack affected 1,500 to 2,000 customer systems.
The attack took place via ConnectWise, a plug-in for Kaseya. Kaseya is a tool for managing systems remotely. The vulnerability allows an attacker to execute SQL commands on a Kaseya server without a password. An update for the vulnerability was released in 2017. According to Kaseya, not all customers have installed this update yet, or they installed it incorrectly, leaving them vulnerable to attack.
According to security company Huntress Labs, attackers are actively exploiting the vulnerability to install the GandCrab ransomware. The name of the MSP has not been disclosed, but a message on Reddit, which is most likely related to the same incident, speaks of a local "mid-sized" managed service provider with some 80 customers.