In better news, after sharing how our endpoint products detected the Kaseya ransomware, we have had many queries on whether or not our Firebox Threat Detection and Response (TDR) service and agent can also detect it. It does, and in multiple ways! As mentioned, our APT Blocker service did detect the Kaseya ransomware the day it was released.
Kaseya has promised that going forward they will not include any links or attachments in the email updates they send. So if you receive one with those, that is a potential malicious indicator.
While the Kaseya VSA SaaS service is not yet restored (expected Sunday) and patches are not out yet, we do have a few relevant updates we wanted to share, including one warning. Kaseya has warned that they have seen threat actors sending spam and phishing emails that pose as Kaseya updates or advisories about this incident. These emails can contain malicious links or attachments. You should remain skeptical of any emails claiming to be from Kaseya, and be sure to validate them as much as possible (pay attention to the full sender domains and the contents).
Update 7: TDR coverage and Kaseya-related phishing (July 9, 2021, 8:30am PT): This post came out on Friday, but we will continue to update it as we learn more information; scroll to the bottom to see the first post, with the latest updates at the top. WatchGuard’s endpoint products, like WatchGuard EPDR, Panda AD360, and others, can catch the dropped ransomware.
Managed Service Providers (MSPs), especially ones using Kaseya VSA, should read this and take action as soon as possible. On Friday, July 2, some MSPs using the on-premises version of Kaseya VSA suffered ransomware attacks that trickled down to their customers. Kaseya says around 1500 companies (so far), many of them customers of MSPs, have been affected, and the attackers (the REvil gang) are asking $70 million in ransom. The attack exploited unpatched vulnerabilities in the Kaseya product that Kaseya is working on fixing ASAP. Anyone using an on-premises Kaseya VSA server (the SaaS version does not seem to be affected) should turn it off or remove it from their network until Kaseya releases the fix.