
This weekend's attack was carried out with almost surgical precision.
According to Cybereason, the REvil affiliates first gained access to targeted environments and then used the zero-day in the Kaseya Agent Monitor to gain administrative control over the target's network.
Cybereason said that the certificate appears to have been used exclusively by the REvil malware deployed during this attack.
To add stealth, the attackers used a technique called DLL side-loading: a spoofed malicious DLL is placed in the Windows WinSxS directory so that the operating system loads the spoof instead of the legitimate file.
REvil is demanding $70 million for a universal decryptor that will recover the data from the 1,500 affected Kaseya customers.
Instead of infecting those 1,500 networks directly, REvil infected a single managed service provider.
News URL
https://www.schneier.com/blog/archives/2021/07/details-of-the-revil-ransomware-attack.html