The Unfixed Flaw at the Heart of REvil’s Ransomware Spree

By Lily Hay Newman
Wired
13 days ago

Researchers from the Dutch Institute for Vulnerability Disclosure identified the first of what they quickly found to be seven vulnerabilities—all easy to spot, some potentially catastrophic—in an IT management system known as the Virtual System Administrator. By April 6, they had found 2,200 vulnerable systems and disclosed their findings to Kaseya, the company behind VSA. Kaseya patched four of the seven in the ensuing days and weeks, but three remained. What happened next was one of the most significant ransomware attacks in history.

www.wired.com

Related
Fortune

REvil ransomware websites go offline, and no one is sure exactly why

Subscribe to Fortune Daily to get essential business stories straight to your inbox each morning. All of the known websites associated with the hacking group REvil have gone offline on the Dark Web—four days after President Joe Biden urged Russian President Vladimir Putin to take action to disrupt ransomware groups operating in Russia.
The Guardian

Ransomware gang REvil's websites become unreachable

Websites run by the ransomware gang REvil suddenly became unreachable on Tuesday. Ransomware gang websites can be unreliable, and it was unclear whether the site’s disappearance was a momentary fluke or whether the hackers had been taken offline. Vanishing acts are common in the ransomware world, where gangs tend to...
TechRadar

REvil bungled its massive ransomware attack, giving businesses an easy out

New details about the recent ransomware campaign against Kaseya’s customers reveal the change in tactics could cost the threat actors dear. Ransomware attacks are usually targeted campaigns directed towards specific targets. However, in order to maximize the damage, REvil instead exploited the zero-day in Kaseya's VSA software to compromise several managed service providers (MSPs) and deliver ransomware to their downstream customers.
beckershospitalreview.com

System flaw flagged 3 months before Kaseya hit by ransomware attack

Kaseya was informed of a major cybersecurity hole in its IT management software in early April, three months before a ransomware group took hostage its information systems in an ongoing attack, The Wall Street Journal reported July 7. The REvil ransomware gang attacked Kaseya's systems July 2, affecting about 50...
securityboulevard.com

CTO Perspective: Examination of the REvil Ransomware Attack

Over the July 4th weekend, the REvil ransomware syndicate hit software supplier Kaseya Ltd. and crippled more than 200 United States companies. The criminals took advantage of a reduced weekend security workforce to infiltrate up to 1,500 businesses globally, according to Reuters. That number is sure to fluctuate as more information develops.
CNBC

Multiple REvil ransomware sites are down on the dark web

Dark web sites affiliated with the REvil ransomware gang were not operating Tuesday morning. The disappearance of the sites affiliated with the Russian-linked gang REvil, also known as Sodinokibi, comes on the heels of an international ransomware outbreak on July 2 that the group had taken credit for. President Joe...
Washington Times

REvil’s hit on defense contractor tests Biden’s tough talk on cyberattacks

The REvil cybergang hit a defense contractor whose customers include the U.S. military in a brash test of President Biden’s tough talk seeking to deter cyberattackers bombarding America. The Russia-linked REvil claimed it stole 23 gigabytes of data belonging to HX5, a Florida-based defense contractor working on aerospace and weapon...
newsbrig.com

Kaseya was warned about security flaws years ahead of ransomware attack

The giant ransomware attack against Kaseya might have been entirely avoidable. Former staff talking to Bloomberg claim they warned executives of “critical” security flaws in Kaseya’s products several times between 2017 and 2020, but that the company didn’t truly address them. Multiple staff either quit or said they were fired over inaction.
bleepingcomputer.com

Kaseya patches VSA vulnerabilities used in REvil ransomware attack

CVE-2021-30116 - A credentials leak and business logic flaw, to be included in 9.5.7.
CVE-2021-30117 - An SQL injection vulnerability, resolved in the May 8th patch.
CVE-2021-30118 - A Remote Code Execution vulnerability, resolved in the April 10th patch (v9.5.6).
CVE-2021-30119 - A Cross Site Scripting vulnerability, to be included in 9.5.7.
securityintelligence.com

REvil Ransomware Gang Launches Major Supply Chain Attack Through Kaseya, Downstream Impact May Affect Over 1,500 Customers

On July 2, 2021, Kaseya customers were notified of a compromise affecting the company’s VSA product in a way that poisoned the product’s update mechanism with malicious code. VSA is a remote monitoring and management tool for networks and endpoints intended for use by enterprise customers and managed service providers (MSPs). According to Kaseya, it urged customers to shut down the VSA to prevent attackers from gaining remote access to further assets. Kaseya also shut down the cloud version of VSA and all SaaS servers as a precautionary measure.
vmware.com

REvil’s Modern Island Hop: Crime at Scale

An expert insight into the REvil ransomware attack over America’s Independence Day weekend. The latest REvil ransomware attack on multiple Managed Service Providers (MSPs) and their customers cast a dark shadow over this year’s Independence Day in the United States: according to several reports, the attackers obtained initial access to the MSPs’ networks by exploiting a zero day vulnerability (CVE-2021-30116) in Kaseya VSA, a remote monitoring and management tool. As a result, over a thousand customers of the affected MSPs have been compromised, including a major Swedish supermarket chain. The attackers demand a ransom of $70,000,000 in Bitcoin in exchange for a decryption tool for the victims of the attack, as published on their dark web “Happy Blog” (see Figure 1).
Washington Times

REvil, Russia-based cyber gang, abruptly vanishes following series of ransomware attacks

REvil, a Russian-based hacking group held responsible for several recent major ransomware attacks, abruptly vanished from the internet this week. Websites and infrastructure run by REvil went offline without explanation Tuesday, triggering speculation about whether the prolific ransomware group could have called it quits, willingly or otherwise. The White House...
Wired

The SolarWinds Hackers Used an iOS Flaw to Compromise iPhones

The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft. In a post Google published on Wednesday, researchers Maddie Stone...
latesthackingnews.com

The Notorious REvil Ransomware Gang Go Offline

After wreaking havoc in the corporate world, the notorious REvil ransomware suddenly went offline. Neither do its traces appear on its dark web site, nor has it maintained any representation on cybercrime forums.

REvil Ransomware Went Offline

Reportedly, the infamous REvil ransomware gang has apparently gone offline for unknown reasons. While...
aithority.com

TruKno Launches Cyber Threat Intelligence For The 99%

Cyber Industry’s First Threat Intelligence SaaS Service That You Can Buy Instantly with a Credit Card. TruKno announced a new Cyber Threat Intelligence SaaS subscription that aims to help organizations reduce the risk of a breach by empowering their entire IT security staff with easy-to-use, actionable, and real time cyber threat dashboards.