Kaseya, a year later: What have we learned?


The ransomware note informs you that your files are being held hostage and are "encrypted and currently unavailable". Apparently all file extensions have been changed to .csruj. The hijackers demand payment in exchange for a decryption key. A "free" sample is offered: a one-time-use decryption key for a single file, as a show of good faith to prove that the decryption key works.

Operators add (spelling unchanged):

"It's just a business. We don't care about you and your offers at all except to get benefits. If we don't do our job and do our responsibilities, no one will cooperate with us. is not in our interest. If you do not cooperate with our service - for us it does not matter. But you will waste your time and data, because we only have the private key. In practice, time is much more valuable than money."

Overview of Kaseya ransomware attack

On Friday, July 2, 2021, Kaseya Limited, an IT infrastructure software developer that provides Remote Management Monitoring (RMM), discovered it was under attack and shut down its servers. What happened was later described by Kaseya and the FBI as a "well-coordinated supply chain ransomware attack exploiting a vulnerability in Kaseya software against multiple MSPs (managed service providers) and their customers."


Specifically, the attackers used an authentication bypass vulnerability to push a fake software update, which spread malware through Kaseya's MSP clients to their downstream companies.

Russia-based REvil Group claimed responsibility on July 5, 2021 and demanded US$70 million in exchange for decrypting all affected systems. But by the time REvil's ransom note made its way to its victims, many companies had already restored their systems from backups. Some victims had already negotiated their own individual ransoms, paying between $40,000 and $220,000.

Kaseya announced on July 23, 2021 that it had acquired a universal decryption key from an anonymous "trusted third party" and was offering it to its customers.

As reported by Reuters on October 21, 2021, REvil servers were hacked and forced offline. Tom Kellermann, Head of Cybersecurity at VMware, said, "The FBI, together with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive action against these groups." Kellermann, US Secret Service Advisor for Cybercrime Investigations, added, "REvil was at the top of the list."

In January 2022, Russia's Federal Security Service said it had...