Ransomware spreads through VSA infrastructure
A massive ransomware attack recorded in the United States has paralyzed the networks of at least 1,000 different companies. The hackers infiltrated the Kaseya VSA (Virtual System Administrator) remote administration software and used it as a channel to distribute ransomware. By infecting software that is widely used in IT infrastructure, they were able to spread the malicious code along with automatic VSA updates.
The ransomware spread widely through the VSA infrastructure and infiltrated the networks of thousands of companies in 17 countries. Experts believe that the hackers were able to inject malware into the VSA software through a zero-day vulnerability. The malware infiltrates company networks, encrypts all data, and demands a ransom from victims for access to the encryption key. In total, VSA software is used by 37 thousand clients.
Kaseya has released a special utility to check whether networks are vulnerable. A fix for the vulnerability through which the ransomware attacks company networks should be released within the next few days. In the meantime, Kaseya recommends that its clients not enable servers.
Source: 3dnews.ru
05 July 2021