Vendor Risk Management - Remember their security practices will affect your security posture. An attacker this week simultaneously encrypted endpoint systems and servers belonging to all customers of a US-based managed service provider by exploiting a vulnerable plugin for a remote monitoring and management tool used by the MSP

The attack resulted in some 1,500 to 2,000 systems belonging to the MSP's clients getting cryptolocked and the MSP itself facing a $2.6 million ransom demand

In this case, the executable was Gandcrab, a widely distributed ransomware tool that has been used in numerous previous attacks. All customer systems that the MSP was managing via the Kaseya RMM tool were encrypted simultaneously, locking users out of them.

Attacks on MSPs are a growing concern. Recently, threat actors, some sponsored by nation states, have begun targeting MSPs in an attempt to get to the networks of their clients.

https://www.darkreading.com/attacks-breaches/ransomware-attack-via-msp-locks-customers-out-of-systems/d/d-id/1333825