Risk & Repeat: Breaking down the Kaseya ransomware attacks


Nearly two weeks after REvil ransomware hit hundreds of companies, Kaseya and its managed service providers are still assessing the damage from the supply chain attack.

This week’s Risk & Repeat podcast discusses the latest developments in the Kaseya supply chain attacks, which affected hundreds of organizations.

Earlier this month, REvil ransomware actors exploited a zero-day authentication bypass vulnerability in Kaseya’s VSA remote management product, which is used by many managed service providers (MSPs) and IT support firms. The threat actors delivered malicious updates to approximately 60 MSPs and then infected between 800 and 1,500 of their clients with ransomware. The REvil threat actors initially demanded a one-time payment of $70 million for a universal decryptor that would unlock the data of all victims affected in the attacks, but the ransomware operation went dark this week.

But nearly two weeks after the attacks, many questions remain unanswered. For example, researchers at the Dutch Institute for Vulnerability Disclosure revealed that they had discovered the zero-day and six other Kaseya vulnerabilities in April, and that the vendor was prepping a patch when the exploitation occurred.

Did the zero-day flaw somehow leak during the disclosure process? Why did REvil websites suddenly disappear? And what is the total number of organizations victimized by these attacks? SearchSecurity editors Rob Wright and Alex Culafi discuss those questions and more in this episode.
