Security News > 2021 > July > REvil Used 0-Day in Kaseya Ransomware Attack, Demands $70 Million Ransom

Amidst the massive supply-chain ransomware attack that triggered an infection chain compromising thousands of businesses on Friday, new details have emerged about how the notorious Russia-linked REvil cybercrime gang may have pulled off the unprecedented hack.

The Dutch Institute for Vulnerability Disclosure on Sunday revealed it had alerted Kaseya to a number of zero-day vulnerabilities in its VSA software that it said were being exploited as a conduit to deploy ransomware.

Active since April 2019, REvil is best known for extorting $11 million from the meat-processor JBS early last month, with the ransomware-as-a-service business accounting for about 4.6% of attacks on the public and private sectors in the first quarter of 2021.

The group is now asking for a $70 million ransom payment to publish a universal decryptor that can unlock all systems that have been crippled by file-encrypting ransomware.

"On Friday we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor - our price is 70,000,000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour," the REvil group posted on their dark web data leak site.

"We have not seen evidence of the threat actors attempting to move laterally or propagate the ransomware through compromised networks. That means that organizations with wide Kaseya VSA deployments are likely to be significantly more affected than those that only run it on one or two servers."

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/W9fsd5vw3Zk/revil-used-0-day-in-kaseya-ransomware.html