Attackers exploit two-year-old vulnerability to infect MSPs with GandCrab ransomware
February 15, 2019 | Breaches and Incidents
- Attackers are exploiting the SQL injection vulnerability in the Kaseya VSA plugin to infect MSPs with GandCrab ransomware.
- ConnectWise noted that only companies that have the plugin installed on-premises were impacted.
Attackers are targeting Managed Service Providers (MSPs) in order to infect their clients with the GandCrab ransomware. Attackers have leveraged a two-year-old vulnerability in a software package used by MSPs to gain access to vulnerable networks and deploy the GandCrab ransomware on the MSP clients' endpoints.
Vulnerability in the Kaseya VSA plugin
The vulnerability exists in the Kaseya VSA plugin for the ConnectWise Manage software, a professional services automation (PSA) product used by IT support firms. This Kaseya VSA plugin allows MSPs to link data from the Kaseya VSA remote monitoring and management solution to a ConnectWise dashboard.
Many small IT support firms and managed service providers (MSPs) use the two applications to centralize data from their clients and manage customer workstations from a remote central location.
The vulnerability (CVE-2017-18362) in the Kaseya VSA plugin could allow an attacker to create new administrator accounts on the main Kaseya app.
Patch released but not updated by companies
Kaseya has released patches to address this vulnerability. However, many companies failed to update the Kaseya plugin on their ConnectWise dashboards, leaving their networks vulnerable to attacks.
Taunia Kipp, Kaseya executive VP of marketing and communications, said that they have identified 126 companies who failed to update the plugin and were vulnerable to attack.
“We posted a notification/support article to our support help desk and immediately started reaching out via phone/email to those identified who were at risk of impact with resolution,” said Taunia Kipp in an interview with MSSP Alert.
MSP’s clients infected with GandCrab
At the end of January 2019, attackers started exploiting this vulnerability. A Reddit post revealed that attackers breached an MSP's network and then infected almost 80 client endpoints with GandCrab ransomware.
ConnectWise observed a growing number of ransomware attacks exploiting the Kaseya plugin vulnerability. Furthermore, ConnectWise noted that only companies that have the plugin installed on-premises were impacted.
In response to the evolving ransomware attacks, ConnectWise has issued a security alert requesting its users to update their ConnectWise Manage Kaseya plugin.
“Kaseya takes security very seriously and recommends that all customers using the Connectwise Plugin for VSA upgrade to the newly released version of the Plugin immediately or alternatively remove all versions of this Plugin,” ConnectWise stated in the security alert.
