Hackers Use Webroot and Kaseya to Spread Ransomware

Ransomware Corrupts the Systems of MSPs and Their Clients

Three Managed Service Providers (MSPs) have found themselves in a bit of hot water after ransomware spread throughout their networks and those of their clients. MSPs offer managed services to businesses, including the management of their cyber security.

Since this attack was just reported, very few specifics have been released to the public. However, here is what we do know. At least three MSPs were impacted, but the number of MSP clients affected remains unknown. Early investigation has not established how the hackers breached the Webroot and Kaseya networks. However, it does appear they were able to remotely access the computers using stolen credentials. From there, the hackers used both Webroot and Kaseya to execute what is believed to be the latest ransomware threat, Sodinokibi, through PowerShell.

It is important to note that execution through PowerShell would likely not be stopped by several security solutions, because the malware runs through a trusted scripting engine rather than as an executable file. Therefore, to effectively avoid this threat, users must deploy a security solution that has a fileless malware prevention component.
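The following is an added example, not code from this article or from either vendor: it reviews process-creation events for PowerShell that was started by a management agent with its script passed on the command line, which is the file-less pattern described above. It assumes events carry the Sysmon Event ID 1 field names (Image, ParentImage, CommandLine) and that AgentMon.exe and WRSA.exe are the agent process names in your environment; the sample events and paths are constructed.

```python
import re

# Assumption: process names of the remote-management / endpoint agents in your estate.
MGMT_PARENTS = {"agentmon.exe", "wrsa.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# -EncodedCommand / -Command (and their short forms) carry the script on the
# command line, so no script or executable file is written for a scanner to see.
INLINE = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc\w*|c|command)\b")

# Constructed sample events using Sysmon Event ID 1 field names.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
AGENT = r"C:\Program Files (x86)\ExampleRMM\AgentMon.exe"  # constructed path
SAMPLE_EVENTS = [
    {"Image": PS, "ParentImage": AGENT,
     "CommandLine": "powershell.exe -NoProfile -EncodedCommand <base64 elided>"},
    {"Image": PS, "ParentImage": AGENT,
     "CommandLine": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\inventory.ps1"},
    {"Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\report.ps1"},
    {"Image": r"C:\Windows\System32\notepad.exe", "ParentImage": AGENT,
     "CommandLine": "notepad.exe"},
]

def basename(path):
    """Lower-cased file name of a Windows (or forward-slash) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def review(event):
    """Return the reasons a process-creation event deserves triage."""
    if basename(event["Image"]) not in POWERSHELL:
        return []
    reasons = []
    if basename(event["ParentImage"]) in MGMT_PARENTS:
        reasons.append("started by management agent")
    if INLINE.search(event["CommandLine"]):
        reasons.append("script passed inline")
    return reasons

def triage(events):
    """Pair each flagged command line with a priority: both signals = high."""
    out = []
    for event in events:
        reasons = review(event)
        if reasons:
            out.append(("high" if len(reasons) == 2 else "review", event["CommandLine"], reasons))
    return out

if __name__ == "__main__":
    for priority, cmd, reasons in triage(SAMPLE_EVENTS):
        print(f"[{priority}] {cmd} :: {', '.join(reasons)}")
```

Management agents launch PowerShell legitimately all the time, which is why the second sample event is only marked for review: the parent alone is weak evidence, and the priority rises when it coincides with an inline script.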

Just this week, ransomware researchers from Coveware stated that they believed Sodinokibi would be the next big threat when it comes to ransomware, projecting that it will take the place of the newly retired GandCrab.

Once Sodinokibi launched, it encrypted the network’s files and deleted the backup copies as well.

Not all Webroot or Kaseya customers are believed to be targeted. Researchers have confirmed that the MSPs who were hit did not have two-factor authentication enabled in either program.

A Lesson Learned

MSPs are trusted to keep business networks secure. Yet, in some cases, they are failing to execute the basics when it comes to cyber security hygiene.

To ensure your networks are secure, businesses and MSPs should:

  • Change your passwords frequently
  • Set up a password complexity model
  • Enable two-factor authentication on all programs and applications that permit it
  • Deploy a security solution that utilizes application whitelisting and malicious script blocking

4 thoughts on “Hackers Use Webroot and Kaseya to Spread Ransomware”

  1. Capt. Keiti Hashimero

    I ALMOST INSTALLED Webroot too, Whilst it was on a 50 percent off Sale.
    I so feel Better, now, That I did not Bite, and Purchase the program.
    Thanks for the Article written within, and feedback also from, the comment section.
    Spot On!

  2. The other day I had an email saying that a RAT was injected into my computer and Webroot and advanced system pro couldn’t find it. How do I find it and kill it or uninstall it? They said it was encrypted.

  3. Donald P Gardner

    Thank you Kayla for these informative articles. I really enjoyed your attention to detail and explanations where ordinary people like me can understand.
