Since early 2019, the REvil ransomware, also known as Sodinokibi, has been a blight on the world. Ransomware is a challenge that many organizations struggle to overcome because the vulnerability exploited isn't always a technical one. Often, the vulnerability is a human being, which makes the challenge all the more difficult to overcome.
Many of you have lately been hearing in the news about the "Largest Ransomware Attack Ever". While this may or may not be true, it is in fact an attack of herculean proportions: according to Kaseya, roughly 50 organizations were impacted by this attack, but potentially over 1,500 organizations were exposed to downstream impacts.
IBM X-Force has been monitoring this situation since it was disclosed to the public. Kaseya initially issued statements advising users to immediately shut down all Kaseya VSA servers and has since provided additional steps to mitigate the threat. At this time, to the best of our knowledge, neither IBM nor any of our security clients have been affected by this attack. Resources, including our blog on SecurityIntelligence.com, can be found below.
Resources:
------------------------------
Nicholas W. (Nick) Bradley
X-Force Incident Command
------------------------------