Ransomware Attack Via MSP Locks Customers Out of Systems

Vulnerable
plugin for a remote management tool gave attackers a way to encrypt
systems belonging to all customers of a US-based MSP.

An
attacker this week simultaneously encrypted endpoint systems and
servers belonging to all customers of a US-based managed service
provider by exploiting a vulnerable plugin for a remote monitoring and
management tool used by the MSP.

The attack resulted in some 1,500 to 2,000 systems belonging to the
MSP’s clients getting cryptolocked and the MSP itself facing a $2.6
million ransom demand.

Discussions this week on an MSP forum on Reddit over what appears to
be the same — or at least similar — incident suggest considerable
anxiety within the community over such attacks, with a few describing
them as a nightmare scenario.

To read the full article go here