This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Re: Kaseya Ransomware Attack

This latest ransomware attack hit 50-60 MSPs and then there associated customer base. One would think that the MSPs would have deployed antivirus/ransomware protection for their customers.... Does anyone know what type of endpoint protection was used at these impacted customers?

This thread was automatically locked due to age.

Parents

0 FloSupport over 3 years ago
Hi Rainer Park,

I'd suggest taking a look at our latest Sophos Community Security blog post and our Sophos Labs articles for more information:

https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/

https://news.sophos.com/en-us/2021/07/02/kaseya-vsa-supply-chain-ransomware-attack/
Florentino
Director, Global Community & Digital Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the 'Verify Answer' button.

The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 Rainer Park over 3 years ago in reply to FloSupport

Thanks Florentino... I did see those posts and this great video demo which shows that Sophos (even a version from 2017) would have prevented the Revil ransomware from taking root... https://techvids.sophos.com/watch/1QspvEFxvR5bbLkK77FBUB

The news doesn't publish enough info- perhaps understandably--on what type of protection customers had in place... Would this ransomware attack been completely prevented if all these MSPs had deployed Sophos? Was it because these customers were using Symantec antivirus? Etc... This info would help companies make sure they are taking the right actions as well as investing in the right technology etc.
Cancel
Vote Up 0 Vote Down

Cancel
0 Maxim-Sophos over 3 years ago in reply to Rainer Park

Hi Rainer. We'd certainly like to know the answer to that, but I haven't come across any info about what the affected MSPs/customers had deployed for endpoint protection.
Cancel
Vote Up 0 Vote Down

Cancel
0 LHerzog over 3 years ago in reply to Rainer Park

We'll probably never know if some of the affected Kaseya customers did actually use Sophos. Or if some have been protected by Sophos in the attack.

But as we all know, most software vendors likes to have all their executables to be excluded from whatever installed AV not to get in trouble with protection mechanisms and false positives.

Even if you have the best AV on the market and you whitelisted the wrong software deployment tool or endpoint management suite, you'll get pawned.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 LHerzog over 3 years ago in reply to Rainer Park

We'll probably never know if some of the affected Kaseya customers did actually use Sophos. Or if some have been protected by Sophos in the attack.

But as we all know, most software vendors likes to have all their executables to be excluded from whatever installed AV not to get in trouble with protection mechanisms and false positives.

Even if you have the best AV on the market and you whitelisted the wrong software deployment tool or endpoint management suite, you'll get pawned.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data