Kaseya VSA is a commonly used solution by Managed Service Providers in the US and UK. It has administrator rights down to client systems, which means infected MSPs infect their clients systems. An apparent auto update in the product has delivered REvil ransomware. The attackers pushed an automated update, which is automatically installed on all managed systems. This management agent update is actually REvil. It deliberately targets backup systems, to hinder restoration. The attacker immediately stops administrator access to the VSA, and then adds a task called Kaseya. VSA Agent Hot-fix This fake update is then deployed across the estate.”]

