Vulnerable plugin for a remote management tool gave attackers a way to encrypt systems belonging to all customers of a US-based MSP.
An attacker this week simultaneously encrypted endpoint systems and servers belonging to all customers of a US-based managed service provider by exploiting a vulnerable plugin for a remote monitoring and management tool used by the MSP.
The attack resulted in some 1,500 to 2,000 systems belonging to the MSP's clients getting cryptolocked and the MSP itself facing a $2.6 million ransom demand.
Discussions this week on an MSP forum on Reddit over what appears to be the same — or at least similar — incident suggest considerable anxiety within the community over such attacks, with a few describing them as a nightmare scenario.