Breaking down the Kaseya ransomware attacks

Nancy J. Delong


Nearly two weeks after REvil ransomware struck hundreds of organizations, Kaseya and its managed service providers are still assessing the damage from the supply chain attack.

This week's Risk & Repeat podcast discusses the latest developments in the Kaseya supply chain attacks, which affected hundreds of companies.

Earlier this month, REvil ransomware actors exploited a zero-day authentication bypass vulnerability in Kaseya's VSA remote management solution, which is used by many managed service providers (MSPs) and IT support firms. The threat actors then pushed malicious updates to approximately 60 MSPs and infected between 800 and 1,500 of their customers with ransomware. The REvil threat actors initially demanded a $70 million one-time payment for a universal decryptor that would unlock all victims' data affected in the attacks, but the ransomware operation went dark this week.

But nearly two weeks after the attacks, many questions remain unanswered. For example, researchers at the Dutch Institute for Vulnerability Disclosure revealed that they had discovered the zero-day and six other Kaseya vulnerabilities in April, and that the vendor was preparing a patch when the exploitation occurred.

Did the zero-day flaw somehow leak during the disclosure process? Why did the REvil sites abruptly disappear? And what is the total number of companies victimized by these attacks? SearchSecurity editors Rob Wright and Alex Culafi discuss those questions and more in this episode.
