How the Kaseya mass ransomware happened

Рет қаралды 9,056

Күн бұрын

Пікірлер: 23

@fhalaris6982 3 жыл бұрын

Very interesting information. I work at an affected store in Sweden. It's been some worrying days. But now some IT guy fixed some of the computers.

@ianmcpherson2301 3 жыл бұрын

It will be interesting to see who buys out Kaseya in the next few months. Which of the other big players will "take advantage" of their demise and revaluation to swoop on the wounded company.

@xaza8uhitra4 3 жыл бұрын

good vid . subbed

@danneb9266 3 жыл бұрын

When warned about the zero-day, why didn't Kaseya just immediately advice their customers to promptly isolate the systems from, at least, unprotected access from the Internet? The flav making the zero-day effective is obviously the Internet connected systemes having too weak (no!) protection from access.

@RevealtechnologyNet 3 жыл бұрын

Hosted Kaseya behind a VPN would have stopped it. It's the public exposure to the Internet that made it possible to get in.

@ebusdk 3 жыл бұрын

Not completely. If the device you connect through is compromised, or a device on the inside, you are in the same position. VPN dont provide you safety(quite the opposite) - only connectivity.

@luckbeforeleap 3 жыл бұрын

I agree. What possible reason could an MSP have for allowing their hosted VSA server to be Internet-facing (rather than only accessible behind a firewall that only allows VPN traffic inbound) ? Did the MSP client's devices require authenticated access to the VSA server (to check for updates etc) ? If so how was that access secured. Sounds like poor design to me

@josearnaldopinheirodossant7712 3 жыл бұрын

IQLL, is a big problem I have in my 4 hd's . . .

@ella7382 3 жыл бұрын

Funny how individuals are also not safe from ransomware attack. Hosting your website on AWS is what i think its the best bet if you chose a good machine image to start from. Most of the image available on AWS have good security built in. But you need to be fairly proficient on web server management to make sure you have your server secure as possible. You also need to make sure the code you are running on your AWS instance is good and solid. The big thing you want to make sure you have in place is a good recovery system. Meanwhile a cybersecurity firm like horuxx,com offers services ranging from hack-tracing to recovery to both companies and individuals and they are reliable too, started using them when i kept getting attacked Hackers are capable of hijacking almost anything on the internet, the best you can do is make it more difficult to get your application so they move to somebody else.

@prophetoverprofit 3 жыл бұрын

On how many videos are you going to write this on. You are clearly a spam account created on June 29th of this year.

@justanotherearthling1062 3 жыл бұрын

These are getting bad. Good luck!

@aszthrotep4632 3 жыл бұрын

You never get 100% of the files decrypted after you pay. At best you can get around 65% decrypted/returned files. Take the loss and hunt them down.

@bjaMoke 3 жыл бұрын

Yo Stok!

@ShadCollins 3 жыл бұрын

This just rambles and isn't very specific. Not sure what the target audience is for this.

@frankbradford9616 3 жыл бұрын

IT Professionals; IT Security; and the computer savvy are the audience

@ShadCollins 3 жыл бұрын

@@frankbradford9616 I'm a senior IT person and I found this not helpful.

@RobertPearson777 3 жыл бұрын

Yes, there isn't much out there but it's better than the 2 to 5 minute major network stories.

@TruesecPlay 3 жыл бұрын

Thanks for your feedback. The intention here was to give an overview for general understanding of the situation and answer common questions. We have more details on our blog: blog.truesec.com/2021/07/04/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware/

@ShadCollins 3 жыл бұрын

@@TruesecPlay That is perfect. Thank you.