More Details on the Kaseya Ransomware Attack - ThreatWire CrossPost
Added 2021-07-06 21:12:24 +0000 UTC, by Shannon Morse, ThreatWire
The enterprise IT firm Kaseya confirmed they were hit with ransomware targeting their VSA product, which is used for remotely monitoring point-of-sale systems, networks, PCs, and connected devices. This happened during the holiday weekend. Kaseya believes that, thanks to their fast response, only their on-premises customers were affected, but other customers, such as managed service providers, later revealed they were affected as well. According to some reports, this issue actually impacts well over 1,000 businesses, but the exact total is currently unknown. Kaseya supports over 40,000 businesses worldwide.
Affected businesses include a supermarket chain in Sweden, but no other businesses had come forward saying they were affected at the time of recording.
The REvil ransomware gang announced they were behind this attack and demanded a payment of $70 million in bitcoin before they would publicly publish a decryptor key for all victims. None of the victims reported that data was stolen.
It appears this attack happened and was successful due to a zero-day vulnerability in Kaseya VSA, specifically an authentication bypass vulnerability in the web interface. Kaseya took their on-premises servers completely offline as soon as they realized the attack was occurring. CISA and the FBI issued a joint advisory recommending that customers using VSA download the VSA detection tool, which can also detect REvil components. They also recommend using MFA on all accounts. An investigation is currently ongoing.
Support ThreatWire! https://www.patreon.com/threatwire
https://www.cnet.com/news/ransomware-attack-on-kaseya-a-software-firm-threatens-businesses-worldwide/
https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-1-000-plus-companies-in-msp-supply-chain-attack/
https://therecord.media/revil-gang-asks-70-million-to-decrypt-systems-locked-in-kaseya-attack/
https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/
https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa