This latest ransomware attack hit 50-60 MSPs and then their associated customer base. One would think that the MSPs would have deployed antivirus/ransomware protection for their customers... Does anyone know what type of endpoint protection was used at these impacted customers?
Hi Rainer Park,
I'd suggest taking a look at our latest Sophos Community Security blog post and our Sophos Labs articles for more information:
Thanks Florentino... I did see those posts and this great video demo which shows that Sophos (even a version from 2017) would have prevented the REvil ransomware from taking root... https://techvids.sophos.com/watch/1QspvEFxvR5bbLkK77FBUB
The news doesn't publish enough info, perhaps understandably, on what type of protection customers had in place... Would this ransomware attack have been completely prevented if all these MSPs had deployed Sophos? Was it because these customers were using Symantec antivirus? Etc... This info would help companies make sure they are taking the right actions as well as investing in the right technology etc.
Hi Rainer. We'd certainly like to know the answer to that, but I haven't come across any info about what the affected MSPs/customers had deployed for endpoint protection.
We'll probably never know if some of the affected Kaseya customers did actually use Sophos. Or if some have been protected by Sophos in the attack.
But as we all know, most software vendors like to have all their executables excluded from whatever AV is installed, so as not to get in trouble with protection mechanisms and false positives.
Even if you have the best AV on the market and you whitelisted the wrong software deployment tool or endpoint management suite, you'll get pwned.