In the heart of Thursday morning, even as the world was still rejoicing after the US election result, a hacker group called “REvil” struck a Microsoft company. They were able to hack the Kaseya IT management and security software, and have since encrypted several important files on the server. The attack has also affected several UK government agencies, and moved on to the US Kaseya server.
Kaseya is a security software used by an estimated 40 million companies and organizations worldwide, including millions of organizations in the United States. According to the company, more than 90 percent of all Fortune 200 companies use Kaseya’s services. Kaseya helps customers secure their networks against security breaches, manage virtual and physical workstations, and provide secure access to cloud-based applications and data. In March 2017, Kaseya’s flagship product, Kaseya Remote, was used to provide access to more than 700,000 bank accounts during the annual BlackBank exploit attack.
Last week, REvil technical support team member and self-proclaimed “hacker” Brian Krebs reported that REvil’s Kaseya vulnerability was being used to target over 400,000 machines, and that the company had paid over $100,000 to hackers in exchange for the exploit.
After exploiting a 0-day vulnerability in Kaseya, the REvil ransomware gang is demanding a $70 million payment, according to The Record. If successful, this will be the highest amount ever paid or recovered.
The cybercriminals claimed responsibility for the attacks and said they had locked more than a million systems during the hack. In a blog post, the gang also demanded a ransom of $70 million in Bitcoin for a universal decryption tool that, it said, would restore all files in less than an hour.
[Image: blog post in which REvil takes responsibility for the attack]
Ransom demands have recently reached new highs. CNA Insurance previously held the highest value at $40 million, but it was surpassed by the $50 million attack on Acer.
According to a report by BleepingComputer, REvil’s attack on Kaseya’s servers targeted MSPs and not their customers. The attackers then captured more data than they could handle and changed the ransom amount to $5 million.
Files on victims' machines were encrypted with different encrypted file extensions. The gang now charges between $40,000 and $45,000 for each encrypted file extension. One of the victims, whose network contained more than a dozen different encrypted file extensions, was quoted a $500,000 ransom to decrypt the entire network.
While Kaseya is trying to release a patch to fix the problem and get the service back up and running, it is estimated that over a thousand companies have been affected. These include the Swedish supermarket chain Coop, which has had to close around 800 of its stores, the local transport system SJ, and a Swedish pharmacy chain.
Kaseya itself postponed the announcement of the recovery of its SaaS services, citing a desire to minimize risk to its customers… and took more time to get its data centers back up-and-running, according to The Record.
US President Joe Biden has ordered the US Secret Service to investigate the incident, but has yet to make a clear statement on the background of the attack. The FBI issued a statement Sunday saying it was investigating the incident with the ICAR and other interagency partners.
If you believe your systems have been compromised by the Kaseya Ransomware incident, we recommend that you take all recommended protection measures, follow instructions from Kaseya and the Cybersecurity and Infrastructure Protection Agency (CISA), shut down your VSA servers immediately and report the compromise to the FBI at ic3.gov, the FBI said in a statement. Given the potential magnitude of this incident, the FBI and CISA may not be able to respond to each individual victim, but any information we receive will be helpful in combating this threat.
Someone who writes, edits, films, presents technology programs and races virtual machines in their spare time. You can follow Yadullah on Instagram or Twitter.
For anyone who hasn't heard, Kaseya is a software company that makes remote and virtual desktop capabilities for users, allowing them to access their PC from anywhere in the world. One of the company's main products is Kaseya Remote Desktop Manager (KRM), a virtual desktop client that allows users to access virtual desktops on their Kaseya server. The company has been extremely popular with small to medium businesses, allowing them to run their own virtual desktops. However, it wasn't too long ago that the company suffered a sudden and massive hack.