Security News

Kaseya says the REvil supply-chain ransomware attack breached the systems of roughly 60 of its direct customers using the company's VSA on-premises product. "The attack had limited impact, with only approximately 50 of the more than 35,000 Kaseya customers being breached," Kaseya said in a press release.

Kaseya has said it's been unable to find signs its code was maliciously modified, and offered its users a ray of hope with news that it is testing a patch for its on-prem software and is considering restoring its SaaS services on Tuesday, US Eastern Daylight Time. The beleaguered IT-for-service-providers company is fighting a supply chain attack on its VSA product that it has documented with a rolling advisory that was updated at 09:30 PM on July 5th EDT. The update has good news and bad news.

Amidst the massive supply-chain ransomware attack that triggered an infection chain compromising thousands of businesses on Friday, new details have emerged about how the notorious Russia-linked REvil cybercrime gang may have pulled off the unprecedented hack. The Dutch Institute for Vulnerability Disclosure on Sunday revealed it had alerted Kaseya to a number of zero-day vulnerabilities in its VSA software that it said were being exploited as a conduit to deploy ransomware.

The REvil cybergang is taking credit for Friday's massive ransomware attack against managed service provider Kaseya Ltd. The criminals behind the attack claim it infected 1 million systems tied to Kaseya services and are demanding $70 million in bitcoin in exchange for a decryption key. The attack is considered the single biggest global ransomware attack on record.

CISA and the Federal Bureau of Investigation have shared guidance for managed service providers and their customers impacted by the REvil supply-chain ransomware attack that hit the systems of Kaseya's cloud-based MSP platform. The two federal agencies advise MSPs affected by the Friday REvil attack to further check their systems for signs of compromise using a detection tool provided by Kaseya over the weekend and enable multi-factor authentication on as many accounts as possible.

Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit. Less than a month ago, Biden pressed Russian President Vladimir Putin to stop giving safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the U.S. deems a national security threat.

REvil ransomware has set a price for decrypting all systems locked during the Kaseya supply-chain attack. Customers of multiple MSPs have been impacted by the attack, with REvil ransomware encrypting the networks of at least 1,000 businesses across the world.

Phishing impersonations and business email compromise attacks designed to steal victims' bitcoin surged by 192% between October 2020 and May 2021, closely following the rising demand and increasing price of bitcoin over the last eight months, according to analysis by Barracuda Networks. Bitcoin-themed cyber attacks have typically been used in extortion and ransomware attacks in the past, but hackers have now started to incorporate cryptocurrency into spear phishing, impersonation, and BEC attacks, the analysis revealed.

IT management software provider Kaseya has deferred an announcement about restoration of its SaaS services, after falling victim to a supply chain attack that has seen its products become a delivery mechanism for the REvil ransomware. The update is needed because last Friday Kaseya advised users of its on-premises software to shut it down ASAP after detecting a supply chain attack on its VSA product - a tool that combines endpoint management and network monitoring.

The threat actors behind the REvil ransomware gang appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what's an instance of a widespread supply-chain ransomware attack. Following the incident, the IT and security management services company said it took immediate steps to shut down its SaaS servers as a precautionary measure, in addition to notifying its on-premises customers to shut down their VSA servers to prevent them from being compromised.