Security News > 2021 > July > CISA, FBI share guidance for victims of Kaseya ransomware attack

CISA and the Federal Bureau of Investigation have shared guidance for managed service providers and their customers impacted by the REvil supply-chain ransomware attack that hit the systems of Kaseya's cloud-based MSP platform.
The two federal agencies advise MSPs affected by the Friday REvil attack to further check their systems for signs of compromise using a detection tool provided by Kaseya over the weekend and enable multi-factor authentication on as many accounts as possible.
National Security Council July 4, 2021 REvil hits Kaseya customers in largest ever ransomware attack.
The massive REvil ransomware attack hit multiple managed service providers who are using Kaseya's cloud-based MSP platform for patch management and client monitoring for their customers.
To breach Kaseya on-premises VSA servers, the REvil affiliate behind the attack used a zero-day vulnerability - Kaseya VSA is a RMM software.
The REvil ransomware group claims to have encrypted over 1,000,000 systems and first demanded $70 million for a universal decryptor to decrypt all Kaseya attack victims.
News URL
Related news
- CISA and FBI: Ghost ransomware breached orgs in 70 countries (source)
- Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware (source)
- FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Lee Enterprises newspaper disruptions caused by ransomware attack (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- CISA flags Craft CMS code injection flaw as exploited in attacks (source)
- Southern Water says Black Basta ransomware attack cost £4.5M in expenses (source)