REvil victims are refusing to pay after flawed Kaseya ransomware attack

The REvil ransomware gang's attack on MSPs and their customers last week outwardly should have been successful, yet changes in their typical tactics and procedures have led to few ransom payments.
This tactic led to the most significant ransomware attack in history, with approximately 1,500 individual businesses encrypted in a single attack.
While BleepingComputer knows of two companies who paid a ransom to receive a decryptor, overall, this attack is likely not nearly as successful as the REvil gang would have expected.
Emsisoft CTO Fabian Wosar extracted the configuration for a REvil ransomware sample used in the attack, and it shows that the REvil affiliate made a rudimentary attempt at deleting files in folders containing the string 'backup'.
Bill Siegel, CEO of ransomware negotiation firm Coveware, told BleepingComputer that this is a similar decision for many other victims of the attack, as not one of their clients has had to pay a ransom.
"In the Kaseya attack, they opted to try and impact EVERY Kaseya client by targeting the software vs direct ingress to an MSP's network. By going for such a broad impact they appear to have sacrificed the step of encrypting / wiping backups at the MSP control level," Siegel told BleepingComputer.