Security News > 2021 > July > Kaseya Attack Fallout: CISA, FBI Offer Guidance

The REvil cybergang is taking credit for Friday's massive ransomware attack against managed service provider Kaseya Ltd. The criminals behind the attack claim it infected 1 million systems tied to Kaseya services and are demanding $70 million in bitcoin in exchange for a decryption key.

The attack is considered the single biggest global ransomware attack on record.

The Kaseya attack is believed to have impacted as many as 1,500 firms when attackers targeted multiple managed service providers, which manage the networks of other firms.

"On Friday we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor - our price is 70 000 000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour. If you are interested in such deal - contact us using victims 'readme' file instructions. - REvil."

In a statement released by the FBI on Saturday, the agency announced a coordinated investigation of the attack with CISA. "We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya's guidance to shut down VSA servers immediately. As always, we stand ready to assist any impacted entities," according to a security alert.

The following day the FBI updated its guidance, encouraging impacted companies to follow newly developed mitigations and report the attack to the agency.

News URL

https://threatpost.com/kaseya-attack-fallout/167541/