Hello, welcome to the Monday, July 5th, 2021 edition of the Sansonet Storms Centers.

Stormcast, my name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Now, I mentioned that I wasn't going to produce a podcast for Monday, but given the Kasea incident that broke on Friday, I figured I'll

push out this podcast to sort of give you a quick summary of what's going on here.

First of all, Kasea is a software that's typically used by managed service providers, MSPs, that manage

networks of typically small and medium-sized companies.

Part of a Kasea solution is Kasea VSA, which also includes a patch management component

that these managed service providers can use to

basically push out patches in a control manner to their client.

The problem was that on Friday, apparently, the R. Evil Ransomber was propagating via

Kasea VSA. So the problem here is a little bit sort of a two-layer

supply chain attack. Cassaya was apparently compromised, managed service providers that used

Kasea's product, then picked up the ransomware and pushed it to their clients.

As an affected victim, you are essentially a customer of a managed service provider that

does use Kaseya VSA to manage your network.

Kaseya does claim 40,000 customers. Now, we have heard numbers of around 200 or so companies that say they are affected by this.

But remember that a Kasea customer is usually an MSP, and then these MSPs, of course, have multiple businesses whose network they are managing.

So I suspect as people get back to work on Tuesday, probably in the United States,

given the 4th of July weekend that many of them will find an infection with the R.Eval

ransomware. If you are a customer of an MSP that uses

Kasea, then definitely get in touch with the MSP. If you are a Kasea customer, then get in touch

with Kasea.

...