Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware (Security News, July 2021)
The threat actors behind the REvil ransomware gang appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what amounts to a widespread supply-chain ransomware attack.
Following the incident, the IT and security management services company said it took immediate steps to shut down its SaaS servers as a precautionary measure, in addition to notifying its on-premises customers to shut down their VSA servers to prevent them from being compromised.
In the interim, the company also noted it intends to keep all on-premises VSA servers, SaaS, and hosted VSA servers shut down until it's safe to resume operations.
According to Sophos Malware Analyst Mark Loman, the industry-wide supply-chain attack leverages Kaseya VSA to deploy a variant of the REvil ransomware into a victim's environment, with the REvil binary side-loaded via a fake Windows Defender app to encrypt a victim's files.
The attack chain also involves attempts to disable Microsoft Defender Real-Time Monitoring via PowerShell, Loman added.
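As an added illustration (not code from the article, Sophos or Kaseya), a small Python detector that flags the two behaviours named above in constructed telemetry: PowerShell script blocks that set Set-MpPreference -Disable* switches to true, and a Defender-named image launched from outside its expected directory. The Defender image name (MsMpEng.exe), its expected path and the log format are assumptions for this example; the log lines are constructed.

```python
import re

# Constructed sample telemetry (not from the article): time|host|kind|payload
# kind is "script" (PowerShell script-block text) or "proc" (process image path)
SAMPLE_LOG = """\
2021-07-02T15:01:12Z|ws01|script|Get-ChildItem C:\\Users
2021-07-02T15:02:47Z|ws01|script|Set-MpPreference -DisableRealtimeMonitoring $true
2021-07-02T15:02:48Z|ws01|script|SET-MPPREFERENCE -DisableIOAVProtection 1 -DisableScriptScanning $True
2021-07-02T15:03:10Z|ws02|script|Set-MpPreference -DisableRealtimeMonitoring $false
2021-07-02T15:03:30Z|ws02|proc|C:\\Program Files\\Windows Defender\\MsMpEng.exe
2021-07-02T15:04:00Z|ws03|proc|C:\\Windows\\Temp\\MsMpEng.exe
"""

# Set-MpPreference switches that weaken Defender; a value of $true or 1 disables the feature.
DISABLE_PARAM = re.compile(r"-(disable\w+)\s+(\$?true|1)\b")
# Assumed Defender service image name and install directory (example values, not from the page).
# A production rule would cover every Defender image and verify the signer, not just the name.
DEFENDER_IMAGES = {"msmpeng.exe"}
EXPECTED_DIR = "c:\\program files\\windows defender\\"

def normalize(script: str) -> str:
    # Coarse normalization: PowerShell is case-insensitive and backticks are escape
    # characters, so both are common in attempts to evade string matching.
    return re.sub(r"\s+", " ", script.replace("`", "")).lower()

def check_script(payload: str):
    s = normalize(payload)
    if "set-mppreference" not in s:
        return None
    disabled = [m.group(1) for m in DISABLE_PARAM.finditer(s)]
    return f"defender_tamper:{','.join(disabled)}" if disabled else None

def check_process(payload: str):
    p = payload.lower()
    directory, _, image = p.rpartition("\\")
    if image in DEFENDER_IMAGES and not (directory + "\\").startswith(EXPECTED_DIR):
        return f"defender_name_outside_expected_path:{payload}"
    return None

def scan_log(text: str) -> list:
    # Returns one finding per suspicious record; benign records produce nothing.
    findings = []
    for line in text.splitlines():
        time, host, kind, payload = line.split("|", 3)
        verdict = check_script(payload) if kind == "script" else check_process(payload)
        if verdict:
            findings.append({"time": time, "host": host, "alert": verdict})
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```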
The researchers noted they had found eight managed service providers (MSPs), companies that provide IT services to other companies, that had been hit by the attack.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/uGshBztopNw/kaseya-revil-ransomware-attack.html