Russia-linked cybercrime gang REvil carried out the Kaseya ransomware attack by exploiting zero-day vulnerabilities. REvil is demanding $70 million in ransom after pulling off the hack. Kaseya VSA is a cloud-based IT management and remote monitoring solution for managed service providers (MSPs). It offers a centralized console to monitor and manage endpoints, automate IT processes, deploy security patches, and control access via two-factor authentication.
Earlier on Sunday, the Dutch Institute for Vulnerability Disclosure (DIVD) had warned Kaseya about various zero-day vulnerabilities in its VSA software (CVE-2021-30116). DIVD said these were being exploited as a conduit to deploy ransomware.
DIVD, a non-profit organization, said the company had taken steps to resolve the issues as part of a coordinated vulnerability disclosure when the July 2 attacks took place.
Though the flaws were not shared in detail, Victor Gevers, DIVD chair, stated that the zero-days are trivial to exploit. According to ESET, the Kaseya ransomware attack has affected nearly 1,000 businesses from at least 17 countries, including the U.K., South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand, and Kenya.
REvil Demands $70 Million Ransom
Earlier in June, REvil extorted $11 million from meat processor JBS. The group has been active since April 2019 and accounted for about 4.6% of attacks on the public and private sectors in the first quarter of 2021.
Now the cybercrime group is demanding a $70 million ransom payment. On paying the ransom amount, Kaseya will get a universal decryptor that will unlock all systems crippled by the file-encrypting ransomware.