Risk & Repeat: Breaking down the Kaseya ransomware attacks
Nearly two weeks after REvil ransomware hit hundreds of companies, Kaseya and its managed service providers are still assessing the damage from the supply chain attack.
This week's Risk & Repeat podcast discusses the latest developments in the Kaseya supply chain attacks, which affected hundreds of organizations.
Earlier this month, REvil ransomware actors exploited a zero-day authentication bypass vulnerability in Kaseya's VSA remote management product, which is used by many managed service providers (MSPs) and IT support firms. The threat actors then delivered malicious updates to approximately 60 MSPs and infected between 800 and 1,500 of their clients with ransomware. The REvil threat actors initially demanded a one-time payment of $70 million for a universal decryptor that would unlock all victims' data affected in the attacks, but the ransomware operation went dark this week.
But nearly two weeks after the attacks, many questions remain unanswered. For example, researchers at the Dutch Institute for Vulnerability Disclosure revealed that they had discovered the zero-day and six other Kaseya vulnerabilities in April, and that the vendor was prepping a patch when the exploitation occurred.
Did the zero-day flaw somehow leak during the disclosure process? Why did REvil websites suddenly disappear? And what is the total number of organizations victimized by these attacks? SearchSecurity editors Rob Wright and Alex Culafi discuss those questions and more in this episode.