Risk & Repeat: Breaking down the Kaseya ransomware attacks

Nearly two weeks after REvil ransomware hit hundreds of companies, Kaseya and its managed service providers are still assessing the damage from the supply chain attack.

This week’s Risk & Repeat podcast discusses the latest developments in the Kaseya supply chain attacks, which affected hundreds of organizations.

Earlier this month, REvil ransomware actors exploited a zero-day authentication bypass vulnerability in Kaseya’s VSA remote management product, which is used by many managed service providers (MSPs) and IT support firms. The threat actors delivered malicious updates to approximately 60 MSPs and then infected between 800 and 1,500 of those MSPs’ clients with ransomware. The REvil threat actors initially demanded a one-time payment of $70 million for a universal decryptor that would unlock the data of all victims affected in the attacks, but the ransomware operation went dark this week.

But nearly two weeks after the attacks, many questions remain unanswered. For example, researchers at the Dutch Institute for Vulnerability Disclosure revealed that they discovered the zero-day and six other Kaseya vulnerabilities in April, and that the vendor was prepping a patch when the exploitation occurred.

Did the zero-day flaw somehow leak during the disclosure process? Why did REvil websites suddenly disappear? And what is the total number of organizations victimized by these attacks? SearchSecurity editors Rob Wright and Alex Culafi discuss those questions and more in this episode.
