MSP software leveraged, again, to spread ransomware across end-customer systems
If you are a Webroot user, you may have noticed that they almost arbitrarily forced 2FA upon you, their users. Further, they blamed customers: “exploiting … customers’ weak cyber hygiene practices.” While I agree 2FA should be a staple of best practices, the failure to accept even partial responsibility is more disturbing to me than the fact that Webroot was used to deploy the ransomware.
It also appears they attempted to shift blame to an RMM vendor, but the attack was identified by multiple MSPs using N-able, Automate, Kaseya, etc. Ultimately, Webroot was exploited to deliver a ransomware payload, and they have yet to take even partial responsibility.
There is no evidence this has been fully contained, and the lack of responsibility or accountability can only leave one suspicious of anything they might say.
Over the last few days, CyberGuard360 has helped its partners clean up systems they don’t manage with CyberGlass. They’ve strongly encouraged partners, until the issue is fully vetted and confirmed resolved, to either replace Webroot ASAP or buttress it with a next-gen product like Sophos’ Intercept X.
I couldn’t agree more.
If you’re an MSP, MSSP or in IT Services, join the Facebook group https://www.facebook.com/groups/cybermssp/ to stay on top of the latest news about this and other breaches.