First published: 03 Jul 2021
Last updated: 12 Jul 2021

Content written for

Large organisations & infrastructure
Government

Background

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed reporting that organisations globally have been impacted by the Kaseya VSA compromise and REvil ransomware.

The ASD’s ACSC has also received reporting from impacted Australian organisations.

The ASD’s ACSC is aware that a vulnerability in the Kaseya VSA platform enabled the REvil group to distribute malware through update mechanisms within Kaseya VSA with the intent of encrypting and ransoming data held on victim networks. For more information, please refer to Kaseya’s notification. Early reporting of this issue suggested a supply-chain attack; Kaseya advise that malicious actors exploited a critical vulnerability (CVE-2021-30116) in the platform to deploy ransomware.

Update and Mitigation

On 12 July 2021, Kaseya released a patch which mitigates the ongoing risk to organisations of compromise through this activity. Please see Kaseya’s page for instructions on how to prepare your VSA server to safely apply this patch.

Assistance

The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required.

Organisations that have been impacted or require assistance can contact the ASD’s ACSC via 1300 CYBER1.
