Vulnerable
plugin for a remote management tool gave attackers a way to encrypt
systems belonging to all customers of a US-based MSP.
An
attacker this week simultaneously encrypted endpoint systems and
servers belonging to all customers of a US-based managed service
provider by exploiting a vulnerable plugin for a remote monitoring and
management tool used by the MSP.
attacker this week simultaneously encrypted endpoint systems and
servers belonging to all customers of a US-based managed service
provider by exploiting a vulnerable plugin for a remote monitoring and
management tool used by the MSP.
The attack resulted in some 1,500 to 2,000 systems belonging to the
MSP’s clients getting cryptolocked and the MSP itself facing a $2.6
million ransom demand.
Discussions this week on an MSP forum on Reddit over what appears to
be the same — or at least similar — incident suggest considerable
anxiety within the community over such attacks, with a few describing
them as a nightmare scenario.
To read the full article go here