CTO Perspective: Examination of the REvil Ransomware Attack

This article has been indexed from Security Boulevard

By Satya Gupta, Founder and CTO, Virsec

Over the July 4th weekend, the REvil ransomware syndicate hit software supplier Kaseya Ltd. and crippled more than 200 United States companies. The criminals took advantage of a reduced weekend security workforce to infiltrate up to 1,500 businesses globally, according to Reuters. That number is sure to fluctuate as more information develops.

The Russian-linked ransomware group encrypted entire networks in the Kaseya supply chain and demanded $70 million in cryptocurrency to deliver a universal decryptor key. REvil claimed more than a million individual devices were infected in what is believed to be the biggest ransomware attack to date.

The White House, FBI, and Department of Homeland Security quickly sprang into action, initiating a detailed investigation into the crime and assisting victims of the attack. Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, urges anyone who believes their systems have been compromised in the Kaseya ransomware incident to immediately report it to the Internet Crime Complaint Center. 

Infiltrating the Supply Chain to Deliver Ransomware

Kaseya Ltd. provides network management software, and its virtual systems/server administrator (VSA) product was targeted to spread the ransomware through Kaseya’s managed service provider customers.

Just as CTO Perspective: Examination of the REvil Ransomware Attack