Russian based hacking group REvil carries out attack on American company

Kaseya attacked by REvil

1500 companies infected by ransomware from Russia

Dear reader last week the largest ever ransomware attack took place 1500 companies were infected by the Russian ransomware hacking group REvil when they carried out attack on American based software vendor kaseya the group were able to use zero day to bypass the authentication and run arbitrary command execution within the management service provider running kaseya software

Management service providers are used by companies to distribute update and patches to multiple computer through out their organization once compromised the management service provider instead of distributing updates would distribute ransomware locking companies out of their systems

It is believed 60 management service providers were initially affected and then further 1500 companies infected by Russian ransomware hacking group

 

1500 companies infected by ransomware from Russia

 

REvil originally demanded $70 million to unlock the victim systems but was lowered to $50 million implying they might have negotiated

REvil have been active for a number of years it is believed the group earned $100 million from operations in 2020 and have been linked to a number of high profile attacks including against former US president donald trump who they demand $42 million in may 2020

Following the incident kaseya urged customers to shut down any of their systems running the companies software until a patch was available which took 10 days before it was distributed to the affected customers. it should be noted that spammers are capitalizing on this crisis to send out fake email notification that appear to be the kaseay update but turn out to be yet more malware to infect unwitting victims

It was reported that employees of kaseya highlighted the vulnerability before the attack happened but the company leadership failed to act

As we publish this story it seems that REvil has been taken offline it is unclear if this was intentional or caused by a cyber attack

Dear readers if you wish to learn more on this subject we direct you to an article we posted previous in which we talk about the ransomware landscape in Iran and the ever-increasing number of successful ransomware attacks carried out in cyberspace

 

Leave a Reply

Your email address will not be published. Required fields are marked *