REvil & Kaseya Shine a Spotlight on Lacking Cyber Protections


Note: Mission Secure does not incorporate Kaseya software in any of our 24/7 OT cybersecurity managed services or technology stack and is not at risk for any indicators of compromise (IOCs) associated with the Kaseya ransomware campaign.


The ransomware group behind some of the latest high-profile cyber-attacks, including the one on Kaseya, has gone dark. In 2021 alone, REvil is reportedly responsible for hacking more than 360 U.S. targets. JBS, one of the largest meat suppliers in the U.S., fell victim to the group in May, and software company Kaseya was hit in early July.

“…all of the dark web sites for prolific ransomware group REvil — including the payment site, the group’s public site, the ‘helpdesk’ chat and their negotiation portal — are offline.”

ZDNet

But while REvil has disappeared from the online world, the impact of its attacks continues to ripple through organizations and ecosystems. And whether the group returns or not, REvil has in many ways raised the stakes for both cyber adversaries and organizations, highlighting the inadequate cyber protections across industries, sectors, and supply chains.

Current Situation – What We Know

On July 2nd, REvil (also known as Sodinokibi) attacked a remote agent and flagship product used by several managed services brands – the Kaseya Virtual System Administrator (VSA).

The Company: Kaseya Limited is an American company that develops software for managing systems, networks, and IT infrastructure. Kaseya has approximately 1,300 employees with headquarters in Miami, Florida, and branch locations across the US, Europe, and the Asia Pacific. Since its founding in 2000, Kaseya has acquired 13 companies, which mostly continue to operate as independent brands under the “a Kaseya company” tagline.

Kaseya primarily provides software or Software-as-a-Service (SaaS) to Managed Services Providers (MSPs), who in turn use it to manage systems for (Read more…)


