US IT provider Kaseya has become the latest in a growing line of organisations to suffer a cyberattack at the hands of the REvil ransomware group.
According to Verdict, the Russian-speaking syndicate has claimed responsibility for the massive hack that has impacted the systems of at least 1,000 businesses – making it one of the largest cyberattacks in history. REvil has demanded a $70m ransom payment in Bitcoin to decrypt the affected systems.
The ransomware group launched the attack last Friday and it has since used the access to instigate further attacks against managed service providers that employ Kaseya’s Virtual System Administrator (VSA) software.
However, Kaseya has been quoted as saying that the ‘sophisticated’ ransom attack affected a very small number of on-premises customers only, despite the hack hitting organisations in countries such as the UK, the US, Canada, Germany, Colombia and South Africa.
Verdict claimed REvil is believed to have used a zero-day in the Kaseya hack, with the attackers using managed service providers running Kaseya software as their distribution method.
Kaseya CEO Fred Voccola said that the firm would release a patch as soon as it could after it had identified the source of the vulnerability.
The US government has also weighed in on the matter, with President Biden stating he had directed US intelligence agencies to investigate the attack, while the US Cybersecurity and Infrastructure Security Agency highlighted it is ‘taking action’ and has encouraged companies to review Kaseya’s advisory and shut down VSA servers.
REvil conducted two notable hacks last month, with the group hacking into the systems of US nuclear weapons contractor Sol Oriens and Brazilian healthcare organisation Grupo Fleury. In May, the group was responsible for the multinational hacking of food processing giant JBS Foods.
Copyright © 2021 RegTech Analyst