Active Defense Strategies for Kaseya Style Ransomware Attacks

December 25, 2022

The best active defense strategies for Kaseya style ransomware attacks aren’t just firewalls and anti-virus. They’re active defense strategies. These involve exploiting the initial access vector, establishing zero trust, and creating a centralized data defense strategy.

Zero trust security

One of the most required active defense strategies for Kaseya style ransomware attacks is the supply chain attack. The attack hit more than 1,000 businesses across several countries, including supermarkets, retail stores, and software vendors. In the aftermath of the attack, several companies forced to shut down their operations.

The security community is beginning to see more and more implications of the growing number of ransomware attacks. In addition, bad actors are refining their methods to attack networks more effectively. These new tactics, such as double extortion, increase the odds that a business will pay the ransom.

To protect against Kaseya style supply chain attacks, companies should consider using a Zero Trust security model. This model provides automated protection to prevent malicious actions against assets on premise and in the cloud. It also limits the attacker’s access to critical systems and reduces the severity of a ransomware attack.

Internal data defense strategy

Ransomware has become a very powerful cyber weapon. It can disrupt services and steal data. However, if the attack not detected early, it can lead to big consequences. To avoid this, a soli internal data active defense strategies for Kaseya style ransomware attacks is required. This can done by monitoring the behavior of devices.

Behavioral analysis can use to identify anomalous behaviors that may indicate an attack. Although it can take a bit of investment to implement, it is important to detect attacks early.

For example, if an organization notices a change in device behavior or a spike in malware activity, it might be due to a malicious software update. It might be a good idea to engage forensic experts to determine the damage caused by the attack.

Exploitation as the initial access vector

Kaseya is a virtual system administrator (VSA) product that use to manage and operate customer infrastructure. It widely used by managed service providers in the US and the UK. Despite being a powerful tool, it is vulnerable to attack.

A recent ransomware attack against Kaseya was a prime example of exploits in action. The attackers used a zero day security flaw to bypass authentication and subsequently execute a malicious payload. The zero-day flaw discovered by the Dutch Institute for Vulnerability Disclosure.

The zero day exploit allows an attacker to run arbitrary commands on the targeted server, which can lead to code execution. While this is not the first ransomware attack to exploit a zero day, it is the first to exploit a zero day in the context of a supply chain attack.

Threat actors move faster than organizations can patch

With the rapid rise of ransomware attacks, organizations must take active defense strategies to prevent them. Specifically, they should implement good cyber hygiene, such as patching software, avoiding vulnerabilities, and updating systems.

In addition to updating their systems, organizations should review their business continuity plans and take other preventive security measures. For example, they should use Application Whitelisting Security, which prevents malicious code from running on their computers and keeps their systems on premise.

In the past year, cyber-threat actors have gotten smarter and faster. This often reflected in their exploitation of known vulnerabilities. For example, the REvil ransomware group exploited vulnerabilities in the Kaseya VSA software, bypassing authentication controls. Then, they uploaded a malicious payload to hundreds of companies and closed hundreds of schools.

In addition, Iranian state-backed threat actors have been exploiting Fortinet vulnerabilities since March 2021. They have also launched data exfiltration and extortion campaigns.

Thales ransomware group leaked 9.5 GB archive

A recent Kaseya style ransomware attack has impacted thousands of customers. It is one of the first attacks to exploit a zero-day vulnerability. The attackers used vulnerabilities in the VSA software to deliver their payload to clients. An active defense strategies for Kaseya style ransomware attacks is essential for all type of organizations.

The REvil gang is also known for its attacks on beauty salons, dentists, and childcare centers. It has been responsible for 300 ransomware campaigns per month.

In the first half of 2021, REvil has already exceeded the amount of money it made last year. During that period, the gang pushed out hundreds of ransomware campaigns to hundreds of targeted customers.

In addition to attacking businesses, REvil has also been known to target schools. As a result of the attacks, over 1,000 organizations had their servers encrypted. Some companies have paid the ransom, while others did not.

Ammar Fakhruddin


Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.

Preparing Businesses for AI-Powered Security Threats

Preparing Businesses for AI-Powered Security Threats

Preparing businesses for AI-powered security threats. Stay ahead of evolving cybersecurity challenges with proactive strategies and advanced technologies. When AI goes wrong, the repercussions can be devastating. They range from the loss of life if an AI medical...

Reducing CISOs’ Risk with Data Broker Management

Reducing CISOs’ Risk with Data Broker Management

Reducing CISOs' risk with data broker management. Explore strategies to enhance cybersecurity and safeguard sensitive information in the digital landscape. Every time you use a search engine, social media app or website, buy something online or even fill out a survey...

Vulnerability Prediction with Machine Learning

Vulnerability Prediction with Machine Learning

Advance vulnerability prediction with machine learning. Explore how AI can enhance proactive cybersecurity measures to mitigate potential risks. Machine learning is a field devoted to understanding and building methods that let machines “learn” – that is, methods that...

Recent Case Studies

Mid-size US based firm working on hardware development and provisioning, used DevOps-as-a-...
One of the fastest growing providers of wealth management solutions partnered to build a m...
A US based software startup working on the advancements in genomics diagnostics and therap...

Press Releases

News & Events


Managed Security Services
Security & Privacy Risk Assessment
Cloud Platform Security
Incident Response & Business Continuity

Penetration Testing

Virtual CISO

Email Security & Phishing



About Us