npflow.blogg.se

What is Kaseya agent






What Is Kaseya And Why Do Businesses Use It?

Kaseya VSA is a remote monitoring and management (RMM) platform. It's used by managed services providers (MSPs), which perform IT functions such as email, phone systems, firewalls, switches, and other networking equipment. The RMM agent is installed on endpoints such as client workstations and servers. The purpose, like most software, is to streamline IT operations for MSPs by centralizing all of the management and monitoring of those platforms. This includes everything from asset tracking, software monitoring, and warranties on a particular PC.

The Kaseya ransomware attack has impacted over 50 MSPs and between 8 companies. For context, this represents a total of 37,000 of Kaseya’s clients or 0.001% of their total customer base. An MSP has a number of companies that they service, and if one MSP is breached there is a downstream effect impacting all of their clients.

Kaseya has pushed the narrative that only a small percentage of their client base has been impacted, which is true. However, even though it’s a small percentage, there is potential for this attack to widen. We’ve learned throughout these breach reports that it can take several weeks to months for the full implications of an attack to surface. 50 impacted MSPs could turn into hundreds. Those 1500 companies impacted could turn into 3000.

Who Is Responsible For The Kaseya Attack?

REvil, a Ransomware-as-a-Service (RaaS) gang, also known as Sodinokibi, is behind the Kaseya ransomware attack. They’re a full-fledged black hat red team operator. RaaS gangs sell their expertise to anybody who wants to ransom an organization for any purpose. This is typically driven by financial motivation. REvil is known to conduct its own campaigns in addition to selling ransomware services. In total, this gang is responsible for more than 300 ransomware campaigns per month. According to KPN, who tracks REvil’s activities, the gang has been increasing the number of their operations.

What Types Of Organizations Does REvil Target?

REvil has targeted major corporations such as JBS Meats, Quanta, and HX5. However, those aren’t their only targets. REvil has also gone after childcare centers, dentists’ offices, and beauticians. Their goal is to target industries that are not known for robust security practices, while also looking for opportunities to spread to anyone who’s relying upon their IT infrastructure.

REvil attacked Kaseya’s VSA SaaS platform using zero-day exploits to gain access and distribute malicious software to their customers and their systems. From there, the ransomware gang began using weaknesses on those systems to encrypt everything.

The Kaseya VSA agent (C:\PROGRAM FILES (X86)\KASEYA\\AGENTMON.EXE) is deployed to Kaseya’s customers (MSPs) and then deployed to the MSP customer’s systems. This agent is responsible for pulling from Kaseya servers, which are hosted in the cloud. Since the malware is already wrapped in the platform, it’s been signed by Kaseya’s platform. As a result, the malware is getting past everything on these clients’ systems. To casual observers, it looks like legitimate Kaseya traffic when it’s actually installers for malware.

Signing the malware is an evasion technique used by threat actors to get around security controls. For example, drivers from Microsoft are digitally signed and are assumed to be trusted software.






