Kaseya confirmed that the REvil supply-chain ransomware attack hit fewer than 60 of its customers and their customers.
Software provider Kaseya announced that fewer than 60 of its customers and less than 1,500 businesses have been impacted by the recent supply-chain ransomware attack.
Up to 1,500 downstream organizations, which were customers of MSPs using Kaseya VSA management platform, were impacted by the attack.
“While impacting approximately 50 of Kaseya’s customers, this attack was never a threat nor had any impact to critical infrastructure. Many of Kaseya’s customers are managed service providers, using Kaseya’s technology to manage IT infrastructure for local and small businesses with less than 30 employees, such as dentists’ offices, small accounting offices and local restaurants. Of the approximately 800,000 to 1,000,000 local and small businesses that are managed by Kaseya’s customers, only about 800 to 1,500 have been compromised.” reads a statement published by the company.
On Friday the REvil ransomware gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers.
The REvil ransomware operators initially compromised the Kaseya VSA’s infrastructure, then pushed out malicious updates for VSA on-premise servers to deploy ransomware on enterprise networks.
The ransomware gang exploited a zero-day vulnerability in Kaseya VSA servers, tracked as CVE-2021-30116, that was discovered by The Dutch Institute for Vulnerability Disclosure (DIVD) and reported to the company.
Kaseya was validating the patch before they rolled it out to customers but REvil ransomware operators exploited the flaw in the massive supply chain ransomware attack.
REvil ransomware is asking $70 million worth of Bitcoin for decrypting all systems impacted in the Kaseya supply-chain ransomware attack.
At the time of this writing, only five MSPs have publicly disclosed the security breach caused by the supply chain attack on Kaseya VSA servers, they are Avtex, Hoppenbrouwers, Synnex, Visma EssCom, and VelzArt.
CISA and the Federal Bureau of Investigation (FBI) have published guidance for the organizations impacted by the massive REvil supply-chain ransomware attack that hit Kaseya ‘s cloud-based MSP platform.
The US agencies provide instructions to affected MSPs and their customers on how to check their infrastructure for indicators of compromise.
Kaseya has released a detection tool that could be used by organizations to determine if your infrastructure has been compromised.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, REVIL)
Share On
Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog “Security Affairs” recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
Kaseya confirmed that the REvil supply-chain ransomware attack hit fewer than 60 of its customers and their customers.
Software provider Kaseya announced that fewer than 60 of its customers and less than 1,500 businesses have been impacted by the recent supply-chain ransomware attack.
Up to 1,500 downstream organizations, which were customers of MSPs using Kaseya VSA management platform, were impacted by the attack.
“While impacting approximately 50 of Kaseya’s customers, this attack was never a threat nor had any impact to critical infrastructure. Many of Kaseya’s customers are managed service providers, using Kaseya’s technology to manage IT infrastructure for local and small businesses with less than 30 employees, such as dentists’ offices, small accounting offices and local restaurants. Of the approximately 800,000 to 1,000,000 local and small businesses that are managed by Kaseya’s customers, only about 800 to 1,500 have been compromised.” reads a statement published by the company.
On Friday the REvil ransomware gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers.
The REvil ransomware operators initially compromised the Kaseya VSA’s infrastructure, then pushed out malicious updates for VSA on-premise servers to deploy ransomware on enterprise networks.
The ransomware gang exploited a zero-day vulnerability in Kaseya VSA servers, tracked as CVE-2021-30116, that was discovered by The Dutch Institute for Vulnerability Disclosure (DIVD) and reported to the company.
Kaseya was validating the patch before they rolled it out to customers but REvil ransomware operators exploited the flaw in the massive supply chain ransomware attack.
REvil ransomware is asking $70 million worth of Bitcoin for decrypting all systems impacted in the Kaseya supply-chain ransomware attack.
At the time of this writing, only five MSPs have publicly disclosed the security breach caused by the supply chain attack on Kaseya VSA servers, they are Avtex, Hoppenbrouwers, Synnex, Visma EssCom, and VelzArt.
CISA and the Federal Bureau of Investigation (FBI) have published guidance for the organizations impacted by the massive REvil supply-chain ransomware attack that hit Kaseya ‘s cloud-based MSP platform.
The US agencies provide instructions to affected MSPs and their customers on how to check their infrastructure for indicators of compromise.
Kaseya has released a detection tool that could be used by organizations to determine if your infrastructure has been compromised.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, REVIL)