Items tagged with kaseya

Though notorious hacking group REvil has gone offline, companies are still reeling from the effects of the Kaseya ransomware attack. However, it seems the Florida-based remote-management software company has obtained a universal decryptor key and is working with all its customers to rectify the situation. Just before the July 4th holiday weekend in the US, criminal hackers from REvil utilized a 0-day exploit to access Kaseya’s systems and subsequently encrypt them and downstream customers. It was estimated that nearly 1,500 different companies, including a large chain grocery store in Sweden called Coop, were infected with the REvil ransomware. Afterward, an astounding $70 million was demanded...
It appears that REvil, the threat actor group behind attacks on JBS Global and Kaseya, among others, has gone dark. While this could be a good thing, it may not be worth holding your breath as there are other explanations for REvil “disappearing” in the short term. Prior to the July 4th holiday in the United States, REvil executed an attack on Kaseya, a management software company based out of Florida. This led to upwards of 1,500 businesses downstream having their files encrypted and held for ransom by the threat actor group’s ransomware. With this rise in attacks, the Biden administration has seemingly made cybersecurity a priority. Less than a day ago, BleepingComputer’s...
Customers of Kaseya's Vector Signal Analysis (VSA) software are being warned to be on the lookout for phishing emails claiming to offer up a security update, but in reality contain a malicious payload. The phishing campaign is a result of a massive supply chain ransomware attack that spread through software created by the Florida-based IT company. Notorious hacking group REvil was behind the attack, which exploited vulnerabilities in Kaseya's VSA software to distribute ransomware. In the aftermath, Kaseya said the attack affected fewer than 60 customers, though also noted that many of those customers provide IT services to multiple other companies. "We understand that the total impact thus far...
Over the weekend, cybersecurity experts, forensics teams, and white-hat hackers worldwide have been battling the ransomware incident affecting Kaseya VSA customers. Now, the Florida-based IT and remote management company is reporting that fewer than 60 customers and 1,500 downstream companies have been affected by this. But could this all have been prevented in the first place, or did cybersecurity take a backseat? On the evening of July 5th, Kaseya reported that the ransomware attack, which started on July 2nd against its VSA product, had hopefully been contained at this point. So far, there are fewer than 60 direct Kaseya customers affected; however, as many of these companies provide IT services,...
On July 4th, we reported that the developing Kaseya ransomware incident might be much worse than initially thought. While it is still unclear exactly how many victims and encrypted devices there are, it was apparent that this is certainly a wide-reaching international incident. We also noted that REvil, the Russian-backed hacking group, had not mentioned the situation on its blog, until now. Late in the evening on July 4th, REvil made a blog post about its Kaseya attack after much speculation. The group explained that the attack launched on July 2nd has since encrypted “more than a million systems.” However, it seems that this ransomware event is being treated differently than most,...