Computers belonging to customers of at least three managed services providers have been hit with ransomware after attackers somehow gained access to tools used by the MSPs to remotely manage and monitor client systems.
Details of the attacks are still emerging, and neither the full scope of the incidents nor the names of the MSPs are available yet. But early information suggests that attackers likely used two remote management tools at the MSPs, one from Webroot and the other from Kaseya, to distribute the ransomware. Both vendors have said the attackers appear to have used stolen credentials to access their tools at the MSP locations.
Comments on an MSP forum on Reddit, including from security researchers claiming close knowledge of the incidents, suggest one MSP is a large company and that many of its clients have been impacted.
Read more: Dark Reading