Kaseya Suffers Massive Ransomware Attack - Millions of firms affected


Cybercriminals with Russian ties stunned the world over the Fourth of July holiday weekend. They announced that they had targeted over a million organizational systems in a ransomware rampage.

The Attack

After more than a thousand businesses found that their data had been encrypted by threat actors, experts hurried to understand the perceived nature and scope of the attack.

By targeting Kaseya, a well-known software vendor, the attackers targeted a number of IT organizations and exposed the data of corporate clients.

Kaseya VSA is a software solution commonly used by numerous Managed Service Providers (MSPs) across the United States and the United Kingdom to efficiently manage client systems.

The major cyber incident, according to a tweet by ethical hacker Mark Loman, was a REvil supply chain attack outbreak. It was traced back to a malicious Kaseya upgrade.

The Demands

The REvil ransomware organization made its demands public through a post on a dark web platform. The platform is linked to cybercriminals. The ransomware authors announced that in exchange for a $70 million payment, they would provide victims with a universal decryption solution.

The ransomware organization has been linked to the same cybercriminals who were behind a cyberattack on JBS, the world's largest meat processor, in the United States. In the June incident, the victim was forced to pay an $11 million ransom.

The JBS case was one of the most well-known cyber incidents in US history. The ransomware attack halted vital operations at several of the company's meatpacking plants. It even affected the company's North American headquarters in Greeley.

Experts Analyze the Attacks

Cybersecurity experts believe that the cyberattack over the holiday weekend was not a coincidence. The timing of the events was found to suit REvil's operational approach. Looking back on the JBS attack, the company discovered that it had been hit by a ransomware attack over Memorial Day weekend, while the majority of the company's employees were on vacation.

According to media sources, Dutch cybersecurity specialists were aware of a long-standing Kaseya vulnerability well before the recent cyber incident.

According to Victor Gevers of the Dutch Institute for Vulnerability Exposure, a software fix had already been developed, although delivery was still pending. Several questions remain unanswered about how REvil attackers learned of the exploit before the software fix was released.

According to an article published by BleepingComputer, the ransomware gang has established a base ransom demand of $5 million for MSPs and $45,000 for small businesses. Brett Callow, a seasoned threat analyst at cybersecurity firm Emsisoft, predicted that firms will scramble to reach an agreement with REvil, causing delays in the entire process.

REvil's demand for a combined ransom payment, according to a cybersecurity analyst, may be the result of the ransomware group's statement that they wish to end their campaign swiftly.

The expert's analysis of the thought process behind REvil's decision, which appears to seek a quick resolution, is that the ransomware group may have realized that its actions caused a much bigger problem than it originally anticipated. This was followed by a statement from Allan Liska of Recorded Future.

The Federal Bureau of Investigation has stated its commitment to investigating the cyber incident and has issued a public notice urging victims to help law enforcement authorities combat the threat by providing pertinent information about their own experiences.