Security News > 2021 > July > CISA, FBI share guidance for victims of Kaseya ransomware attack

CISA and the Federal Bureau of Investigation have shared guidance for managed service providers and their customers impacted by the REvil supply-chain ransomware attack that hit the systems of Kaseya's cloud-based MSP platform.
The two federal agencies advise MSPs affected by the Friday REvil attack to further check their systems for signs of compromise using a detection tool provided by Kaseya over the weekend and enable multi-factor authentication on as many accounts as possible.
National Security Council July 4, 2021 REvil hits Kaseya customers in largest ever ransomware attack.
The massive REvil ransomware attack hit multiple managed service providers who are using Kaseya's cloud-based MSP platform for patch management and client monitoring for their customers.
To breach Kaseya on-premises VSA servers, the REvil affiliate behind the attack used a zero-day vulnerability - Kaseya VSA is a RMM software.
The REvil ransomware group claims to have encrypted over 1,000,000 systems and first demanded $70 million for a universal decryptor to decrypt all Kaseya attack victims.
News URL
Related news
- Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hunters International ransomware claims attack on Tata Technologies (source)
- Toronto Zoo shares update on last year's ransomware attack (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- CISA: Medusa ransomware hit over 300 critical infrastructure orgs (source)
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks (source)
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- BlackLock ransomware claims nearly 50 attacks in two months (source)