Kaseya VSA supply chain ransomware attack

Last update 2021-07-02, 22:40 UTC

Sophos is aware of a supply chain attack that uses Kaseya to deploy ransomware into a victim’s environment. Organizations running Kaseya VSA are potentially impacted. Kaseya has stated that the attack started around 14:00 EDT/18:00 UTC and they are investigating the incident.

In parallel, SophosLabs and the Sophos Security Operations team have investigated and found indicators of compromise (IoCs) and detections that will help people determine next steps.

Sophos has created a Security Blog article on this attack that details the IoCs and recommended actions. We will continue to update this article in real time as new information becomes available.

Sophos customers are protected via detections in multiple Sophos products. Please see the Security Blog article for full details.
