Kaseya released some emergency updates on July 11, and these updates also fix the vulnerabilities that are present in the Virtual System Administrator (VSA) software, which has affected 1500 companies around the world.
However, this ransomware attack has affected hundreds of companies all over the world, but luckily Kaseya has restored its servers. After completing the restoration process, the company claimed in the report that after several days of delay they have successfully recovered all its servers.
Kaseya Releases Patch
After encountering such ransomware attacks, Kaseya has requested all its VSA customers to shut down their servers until and unless a patch comes.
Luckily Kaseya discovered the VSA 9.5.7a (126.96.36.19994) update and it comes with patches that fix the vulnerabilities which have been used in the REvil ransomware attack.
However, with this new update, Kaseya has fixed mentioned below vulnerabilities:-
- Credentials leak and business logic flaw: CVE-2021-30116
- Cross-Site Scripting vulnerability: CVE-2021-30119
- 2FA bypass: CVE-2021-30120
- It has also fixed an issue where the secure flag was not being utilized for User Portal session cookies.
- The update also fixed the problem where the API responses would have a password hash, which is exposing any weak passwords to a brute force attack. T
- Fixed a vulnerability that enables the unauthorized upload of files to the VSA server.
Kaseya Fixed three on-premise VSA Bugs
According to the report, the company has fixed three on-premise VSA bugs, and here we have mentioned them below:-
- CVE-2021-30116 – A credentials leak and business logic flaw, included in version 9.5.7.
- CVE-2021-30119 – A cross-site scripting (CSS) vulnerability, included in version 9.5.7.
- CVE-2021-30120 – A bypass of two-factor authentication (2FA), included in version 9.5.7.
Kaseya Restored its Servers
As we said above that after few weeks of the attack, Kaseya has luckily restored its servers. However, after restoring its servers, the company stated that they will keep publishing updates on different progress and they will also provide a proper implementation of the (security) patch.
Moreover, the analysts have asserted that this attack can be one of the largest ransomware attacks. Apart from this the analysts also stated in the report that this kind of ransomware attack is a lucrative way to take hostages on a digital level and demand a huge amount of money from the victims.
According to the experts, this ransomware has attacked a major Swedish supermarket chain, that consists of 800 stores all around the world, and not only this but this attack has also affected several businesses in at least 17 countries.
Worried about Cyberattacks!! here is the all in One Security Platform that can help you secure your Cloud Web Applications and Data.Sponsored