Almost two weeks after the REvil ransomware hit hundreds of businesses, Kaseya and its managed service providers are still assessing the damage from the supply chain attack.
This week's Risk & Repetition podcast discusses the latest developments in the Kaseya supply chain attacks affecting hundreds of businesses.
Earlier this month, REvil ransomware actors exploited a zero-day authentication bypass vulnerability in Kaseya's VSA remote management product, which is used by many managed service providers (MSPs) and IT support firms. The threat actors then delivered malicious updates to approximately 60 MSPs and infected between 800 and 1,500 of their customers with ransomware. The REvil threat actors initially demanded a one-time payment of $70 million for a universal decryptor that would unlock the data of all victims affected by the attack, but the ransomware operation went dark this week.
But almost two weeks after the attacks, many questions remain unanswered. For example, researchers with the Dutch Vulnerability Disclosure Institute announced that they discovered the zero-day and six other Kaseya vulnerabilities in April and that the vendor was preparing a patch when the exploitation occurred.
Did the zero-day bug somehow leak during the disclosure process? Why did REvil's websites suddenly disappear? And how many organizations in total are victims of these attacks? SearchSecurity editors Rob Wright and Alex Culafi discuss these and other questions in this episode.