Select your country

Not finding what you are looking for, select your country from our regional selector:


Kaseya ransomware attack

The attack on Kaseya is apparently the latest case of what is considered at this time to be a supply chain attack. Similarly to the Solarwinds incident late last year a large number of entities were potentially infected through compromise of a third party software provider.

Watch our Head of Security Research, Charl van der Walt, commenting on the situation on BBC World News.

What to do if you suspect you are affected

Check IOCs

Kaseya has put up a set of IOCs that you can check on their website as well as some more detailed information.

Keep calm and focus

Establish emergency response procedures and systems, and make sure you have runbooks and alert procedures in place

Review backup & disaster recovery

Make sure your backups are safe and available in case you need them

Prepare support for your employees

Establish a security support hotline and prepare to expand the team providing support

Reach out to CSIRT

In case of an actual attack you can reach out to our Emergency Team. Be aware that in times of global crisis our CSIRT teams might already be booked.

The background

Supply chain attacks do not happen by coincidence. They are the inevitable result of a cyber-climate that is driven by strong systemic forces. Some of these forces can be controlled or at least influenced, others can be prepared for. Understanding what these forces are, and how they are linked, is key in better preparing for the next supply chain attack which we will confront.

Based on the SolarWinds attack we have created a whitepaper that examins these factors in detail.

Download our White Paper: Winds of change- causes and implications of The SolarWinds compromise

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline.