Items tagged with revil

Though notorious hacking group REvil has gone offline, companies are still reeling from the effects of the Kaseya ransomware attack. However, it seems the Florida-based remote-management software company has obtained a universal decryptor key and is working with all its customers to rectify the situation. Just before the July 4th holiday weekend in the US, criminal hackers from REvil utilized a 0-day exploit to access Kaseya’s systems and subsequently encrypt them and downstream customers. It was estimated that nearly 1,500 different companies, including a large chain grocery store in Sweden called Coop, were infected with the REvil ransomware. Afterward, an astounding $70 million was demanded... Read more...
It appears that REvil, the threat actor group behind attacks on JBS Global and Kaseya, among others, has gone dark. While this could be a good thing, it may not be worth holding your breath as there are other explanations for REvil “disappearing” in the short term. Prior to the July 4th holiday in the United States, REvil executed an attack on Kaseya, a management software company based out of Florida. This led to upwards of 1,500 businesses downstream having their files encrypted and held for ransom by the threat actor group’s ransomware. With this rise in attacks, the Biden administration has seemingly made cybersecurity a priority. Less than a day ago, BleepingComputer’s... Read more...
Customers of Kaseya's Vector Signal Analysis (VSA) software are being warned to be on the lookout for phishing emails claiming to offer up a security update, but in reality contain a malicious payload. The phishing campaign is a result of a massive supply chain ransomware attack that spread through software created by the Florida-based IT company. Notorious hacking group REvil was behind the attack, which exploited vulnerabilities in Kaseya's VSA software to distribute ransomware. In the aftermath, Kaseya said the attack affected fewer than 60 customers, though also noted that many of those customers provide IT services to multiple other companies. "We understand that the total impact thus far... Read more...
Over the weekend, cybersecurity experts, forensics teams, and white-hat hackers worldwide have been battling the ransomware incident affecting Kaseya VSA customers. Now, the Florida-based IT and remote management company is reporting that fewer than 60 customers and 1,500 downstream companies have been affected by this. But could this all have been prevented in the first place, or did cybersecurity take a backseat? On the evening of July 5th, Kaseya reported that the ransomware attack, which started on July 2nd against its VSA product, had hopefully been contained at this point. So far, there are fewer than 60 direct Kaseya customers affected; however, as many of these companies provide IT services,... Read more...
On July 4th, we reported that the developing Kaseya ransomware incident might be much worse than initially thought. While it is still unclear exactly how many victims and encrypted devices there are, it was apparent that this is certainly a wide-reaching international incident. We also noted that REvil, the Russian-backed hacking group, had not mentioned the situation on its blog, until now. Late in the evening on July 4th, REvil made a blog post about its Kaseya attack after much speculation. The group explained that the attack launched on July 2nd has since encrypted “more than a million systems.” However, it seems that this ransomware event is being treated differently than most,... Read more...
Before the holiday weekend got underway, the REvil hacking group kicked off a massive supply chain attack involving remote management software company Kaseya. Based out of Florida, the company reports that only 40 on-premises customers of its remote monitoring tool VSA have been affected. However, some of these 40 could be managed service providers who in turn serve hundreds of small businesses, which bloats the number of affected companies to upwards of 1,000. This morning, Kaseya provided an update on its progress, explaining that it is working on a plan to restore software-as-a-service server farms while all on-premises VSA servers should remain offline until further notice. Furthermore,... Read more...
Right to repair arguments often fall on deaf ears, especially at companies like Apple that are tight-lipped and only allow certain people to [officially] repair its products. What if Apple's hands were forced, though, and nearly anyone could look at a device's schematics? We may find out shortly as hackers have leaked some files about Apple products, and repair shops are taking advantage of this, legality aside. In late April, Apple supplier Quanta was hit with a $50 million ransomware attack carried out by hacker group REvil. Apple schematics were stolen and leaked when Quanta refused to pay the exorbitant fee. These schematics included a future line of MacBook devices and likely much more that... Read more...
Apple is bringing some color into people's lives with a new line of M1-powered iMac systems, available in green, yellow, orange, pink, purple, blue, and silver. As to what other changes Apple plans on making to its product lines, a hacking group is threatening to reveal them, after infiltrating servers belonging to one of the company's main suppliers. The hacking group goes by REvil, and it is the same one that recently breached Acer and stole files that included financial spreadsheets, bank balances, and bank communications, all of which it posted on its website called Happy Blog. The group is known for using ransomware in its attacks, and in the case of Acer, it had demanded $50 million. REvil... Read more...