Jack krebs group ransomwhere
2/2/2024

The REvil ransomware gang last week targeted Miami-FL-based IT services provider Kaseya.

Networking and IT infrastructure software provider Kaseya was recently victimized in a ransomware attack by the REvil ransomware gang. The Russia-based malicious outfit is also seeking ransom payments from thousands of affected customer organizations and MSPs. At the outset of the attack, REvil demanded $70 million in ransom, the highest ever, but has since reduced it to $50 million.

According to the Dutch Institute for Vulnerability Disclosure (DIVD), the attack took place just as the United States was heading into the 4th of July weekend celebrations.

The REvil ransomware gang, also known as Sodinokibi, exploited a zero-day vulnerability to gain entry into the target network and encrypt systems.

The company issued a security advisory and apprised its more than 36,000 customers as soon as the infection was discovered, and took the precautionary step of shutting down its SaaS servers even though the attack chain affected only on-premise implementations.

But it appears threat actors from REvil managed to inflict enough damage through the attack to command a more than hefty sum, the highest ever, of $70 million as the ransom to decrypt systems.

The next biggest ransom demands also came in 2021, when Acer and Apple’s Taiwanese vendor Quanta faced demands of $50 million each in two separate ransomware attacks.

The REvil gang posted the following note on its leak site:

REvil’s Note for Kaseya | Source: Mark Loman, Director of Engineering at Sophos

Kaseya’s VSA endpoint management and network monitoring tool enables Managed Service Providers (MSPs) to carry out software deployment, patch management, antivirus and antimalware deployment, routine maintenance, and similar tasks.

This makes the attack a software supply chain attack, against not only Kaseya but also the thousands of organizations that use VSA.

Background of the Kaseya Ransomware Attack

Unlike the SolarWinds incident from 2020, which was also a software supply chain attack, the Kaseya incident looks, based on what is known so far, like an ordinary ransomware operation carried out for money. In contrast, SolarWinds was a huge cyber-espionage campaign originating from the US’s all-weather adversary Russia, carried out by the well-known advanced persistent threat (APT) group APT29 (Cozy Bear). APT29 carefully laid low for the duration of the attack, stealthily conducting reconnaissance and active operations. REvil, on the other hand, exploited a zero-day vulnerability in Kaseya VSA.

What’s peculiar is that this particular vulnerability, tracked as CVE-2021-30116, had already been reported by DIVD to Kaseya and was being fixed. Kaseya had developed partial patches and was collaborating with DIVD to close the security gap.

CVE-2021-30116 is one of several vulnerabilities that DIVD reported to Kaseya and for which the company was validating a patch. Details of CVE-2021-30116, along with the other flaws, remain under wraps as of now for obvious reasons.

“It is time to be a bit more clear on our role in this incident. First things first, yes, Wietse Boonstra, a DIVD researcher, has previously identified a number of zero-day vulnerabilities which are currently being used in ransomware attacks,” DIVD said. “And yes, we have reported these vulnerabilities to Kaseya under responsible disclosure guidelines (aka coordinated vulnerability disclosure).”

The Netherlands-based institute added, “Unfortunately, we were beaten by REvil in the final sprint, as they could exploit the vulnerabilities before customers could even patch.”