An attacker this week simultaneously encrypted endpoint systems and servers belonging to all customers of a US-based managed service provider. Attack resulted in some 1,500 to 2,000 systems belonging to the MSP’s clients getting cryptolocked. Attack was linked to a vulnerable plugin for a remote management tool from Kaseya VSA. The vulnerability was first reported in November 2017 and posted details, along with proof of concept code, on GitHub. The vulnerability exists in ManagedITSync, a ConnectWise plugin.”]