Security News > 2021 > July > CISA, FBI share guidance for victims of Kaseya ransomware attack
CISA and the Federal Bureau of Investigation have shared guidance for managed service providers and their customers impacted by the REvil supply-chain ransomware attack that hit the systems of Kaseya's cloud-based MSP platform.
The two federal agencies advise MSPs affected by the Friday REvil attack to further check their systems for signs of compromise using a detection tool provided by Kaseya over the weekend and enable multi-factor authentication on as many accounts as possible.
National Security Council July 4, 2021 REvil hits Kaseya customers in largest ever ransomware attack.
The massive REvil ransomware attack hit multiple managed service providers who are using Kaseya's cloud-based MSP platform for patch management and client monitoring for their customers.
To breach Kaseya on-premises VSA servers, the REvil affiliate behind the attack used a zero-day vulnerability - Kaseya VSA is a RMM software.
The REvil ransomware group claims to have encrypted over 1,000,000 systems and first demanded $70 million for a universal decryptor to decrypt all Kaseya attack victims.
News URL
Related news
- AutoCanada says ransomware attack "may" impact employee data (source)
- Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)
- Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between (source)