UBX Cloud Uncovers Hackers Exploiting MSP Software to Launch Ransomware Attacks
MSP partners which reported end-users' physical servers being attacked with encryption-based ransomware
This is a Press Release edited by StorageNewsletter.com on July 2, 2019 at 2:45 pm
UBX Cloud's engineers discovered hackers exploiting a previously undocumented attack path targeting the managed IT industry, while working with one of its MSP partners which reported its end-users' physical servers being attacked with encryption-based ransomware.
The new path of attack leverages applications commonly used by managed IT service providers, namely remote monitoring and management (RMM) software from Kaseya Ltd. and cybersecurity software from Webroot, Inc., to launch ransomware attacks against end-users.
Both Kaseya and Webroot have issued statements that the attacks involved compromised credentials, as opposed to breaches or software vulnerabilities. Webroot has made two-factor authentication a mandatory service and Kaseya is recommending that users activate 2FA as a result.
Roughly 30% of the end-user systems impacted by the attack were quickly recoverable because the victim of the attack utilized the company's Veeam-powered air-gapped offsite backups, which allowed those users to recover their systems in less than 30 minutes. However, recovering the remaining 70% of the impacted systems cost the MSP over $150,000 in bitcoin to gain access to the decryption keys required to recover the data that was not protected by air-gapped backups.
About UBX Cloud
The firm is a Michigan-based cloud service provider with data centers in the United States, South America and India. Services include Managed IT-as-a-Service, private/hybrid cloud, DR, cloud workspaces, Veeam Cloud Backup and a variety of custom IT consulting services.