Global Security Forum

 View Only
Expand all | Collapse all

REvil Ransomware Spreading via Kaseya Servers

  • 1.  REvil Ransomware Spreading via Kaseya Servers

    Posted Wed July 07, 2021 12:18 PM
    Edited by Wendy Batten Thu July 08, 2021 09:59 AM

      Since early 2019, the REvil Ransomware, also known as Sodinokibi, has been a blight on the world.  Ransomware is a challenge that many organizations struggle to overcome since the vulnerability exploited isn't always a technical one.  Often times, the vulnerability is a human being.  This makes the challenge all the more difficult to overcome.

      In the news lately many of you have been hearing about the "Largest Ransomware Attack Ever".  While this may or may not be true, it is in fact an attack of herculean proportions since, according to Kaseya, roughly 50 organizations were impacted by this attack, but potentially, over 1,500 organizations were exposed to downstream impacts.

      IBM X-Force has been monitoring this situation since it was disclosed to the public.  Kaseya initially issued statements advising users to immediately shut down all Kaseya VSA servers and has since provided additional steps to mitigate the threat.  At this time, to the best of our knowledge, neither IBM nor any of our security clients have been affected by this attack.  Resources, including our blog on SecurityIntelligence.com, can be found below.

    Resources:



    ------------------------------
    Nicholas W. (Nick) Bradley
    X-Force Incident Command
    ------------------------------



  • 2.  RE: REvil Ransomware Spreading via Kaseya Servers

    Community Leadership
    Posted Thu July 08, 2021 11:25 AM
    Thanks, Nick for sharing about this latest ransomware incident.

    ------------------------------
    Wendy Batten
    Community Manager
    IBM Security
    Cambridge MA
    wjbatten@us.ibm.com
    ------------------------------