Security News > 2021 > July > REvil ransomware hits 200 companies in MSP supply-chain attack
A massive REvil ransomware attack affects multiple managed service providers and their clients through a reported Kaseya supply-chain attack.
Starting this afternoon, the REvil ransomware gang targeted approximately six large MSPs, with thousands of customers, through what appears to be a Kaseya VSA supply-chain attack.
"We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only as of 2:00 PM EDT today," reads a warning on Kaseya's site.
BleepingComputer has been told by both Huntress' John Hammond and Sophos' Mark Loman that the attacks on MSPs appear to be a supply chain attack through Kaseya VSA. According to Hammond, an agent.
A sample of the REvil ransomware used in one of these attacks has been shared with BleepingComputer.
While REvil is known to steal data before deploying the ransomware and encrypting devices, it is unknown if the attackers exfiltrated any files.
News URL
Related news
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- North Korea targets crypto developers via NPM supply chain attack (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Lee Enterprises newspaper disruptions caused by ransomware attack (source)
- Southern Water says Black Basta ransomware attack cost £4.5M in expenses (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- Qilin ransomware claims attack at Lee Enterprises, leaks stolen data (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hunters International ransomware claims attack on Tata Technologies (source)