A massive REvil ransomware attack affects multiple managed service providers and their clients through a reported Kaseya supply-chain attack.
Starting this afternoon, the REvil ransomware gang targeted approximately six large MSPs, with thousands of customers, through what appears to be a Kaseya VSA supply-chain attack.
Kaseya VSA is a cloud base MSP platform that allows providers to perform patch management and client monitoring.
Huntress Labs’ John Hammond has told BleepingComputer that all of the affected MSPs are using Kaseya VSA and that they have proof that their customers are being encrypted as well.
We have 3 Huntress partners that are impacted with roughly 200 businesses encrypted, Hammond told BleepingComputer.
Kaseya is warning all VSA customers to immediately shut down their VSA server to prevent the attack’s spread while they investigate.