REvil indirectly hit hundreds of companies across the United States in a supply chain attack against Kaseya’s VSA System Administration Platform, a security system used for remote monitoring and IT management.
REvil is said to be responsible for the attack, which involved distributing a malicious payload through what appeared to be a routine automatic software update. After this initial stage, the attackers disabled several components of Windows Defender and used PowerShell to decode and unpack the payload.
Because of the reported security vulnerability, Kaseya put all of its cloud services into maintenance mode and issued a security advisory to customers running an on-premises VSA server, instructing them to shut the server down until further notice. Kaseya notified the FBI and CISA before starting its own internal investigation.
The good news is that fewer than 40 of Kaseya’s 36,000 customers have been affected by the incident. The bad news, according to CRN, is that the company expects to discover more victims as its analysis continues.
REvil strengthens its position and demands a double ransom if the money is not paid by the due date
Once a VSA system has been breached, the ransomware can spread further wherever it finds additional vulnerabilities. There may therefore be more victims, and the real impact is hard to estimate at this point.
In keeping with REvil’s modus operandi, the group stole data and is now demanding ransom to decrypt it. The demands range from $45,000 to $5 million in Monero. Unlike in previous attacks, this time the group is putting pressure on its victims to pay straight away, or the ransom doubles.
The FBI is investigating the incident and has urged all victims to contact it right away, although it may not be able to respond to every report individually. At the same time, Biden has directed that all resources of the government be used to investigate the attack.