This week’s news concentrates on the aftermath of REvil’s ransomware attack on MSPs and their customers using zero-day vulnerabilities in Kaseya VSA. The good news is that it has not been as disruptive as we initially feared.
As REvil conducted their attack remotely, they never had access to the victims’ networks and thus could not delete backups or steal data.
With the absence of this leverage, victims are restoring from backups rather than paying the ransom.
Unfortunately, this attack was close to being prevented, as Kaseya was working on patches for the zero-day vulnerabilities just as the attacks began.
Due to the continuing ransomware attacks on United States interests, President Biden has once again warned President Putin that Russia needs to arrest the ransomware gangs operating from Russia or the United States will take action itself.
A new ransomware payment tracking site called Ransomwhere was launched this week.
Contributors and those who provided new ransomware information and stories this week include: @VK_Intel, @malwrhunterteam, @serghei, @struppigel, @FourOctets, @DanielGallagher, @Ionut_Ilascu, @fwosar, @demonslay335, @malwareforme, @BleepinComputer, @Seifreed, @jorntvdw, @LawrenceAbrams, @PolarToffee, @LabsSentinel, @coveware, @billseagull, @Malwarebytes, @_johnhammond, @DIVDcsirt, @0xDUDE, @jackhcable, and @pcrisk.
July 4th 2021
The zero-day vulnerability used to breach on-premise Kaseya VSA servers was in the process of being patched, just as the REvil ransomware gang used it to carry out a massive Friday attack.
The REvil ransomware gang is increasing the ransom demands for victims encrypted during Friday’s Kaseya ransomware attack.
Toffee saw a new RaaS called AvosLocker being promoted on a hacker forum. It adds the .avos extension to encrypted files and drops the GET_YOUR_FILES_BACK.txt ransom note.
July 5th 2021
REvil ransomware has set a price for decrypting all systems locked during the Kaseya supply-chain attack. The gang wants $70 million in Bitcoin for the tool that allows all affected organizations to recover their files.
CISA and the Federal Bureau of Investigation (FBI) have shared guidance for managed service providers (MSPs) and their customers affected by the REvil supply-chain ransomware attack that hit the systems of Kaseya’s cloud-based MSP platform.
PCrisk found new STOP ransomware variants that add the .zqqw and .pooe extensions.
July 6th 2021
White House Press Secretary Jen Psaki says that the United States will take action against cybercriminal groups from Russia if the Russian government refuses to do so.
Kaseya says the REvil supply-chain ransomware attack breached the systems of roughly 60 of its direct customers using the company’s VSA on-premises product.
The second quarter of 2021 marked the most significant ransomware attack on U.S. infrastructure to date. On May 7, The Colonial Pipeline Company, which operates the largest pipeline system for refined oil products in the United States, was infected with DarkSide ransomware. The attack led to a six-day shutdown that was only resolved when Colonial Pipeline paid the $4.4 million ransom, a decision that CEO Joseph Blount described as “the right thing to do for our country.”
July 7th 2021
Threat actors are attempting to capitalize on the ongoing Kaseya ransomware attack crisis by targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security updates.
PCrisk found a new STOP ransomware variant that adds the .zzla extension.
July 8th 2021
Not yet two years old and already in its seventh version, Ransomware as a Service offering Conti has proven to be an agile and adept malware threat, capable of both autonomous and directed operation and with unmatched encryption speed. As of June 2021, Conti’s unique feature set has helped its affiliates extort several million dollars from over 400 organizations.
Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor.
Charles Carmakal has a problem: Ransomware has become so prolific that he has too much business.
The REvil ransomware gang’s attack on MSPs and their customers last week outwardly appears to have been successful, yet changes in their usual tactics and procedures have resulted in few ransom payments.
Jack Cable launched a ransom payment tracking site called Ransomwhere.
Michael Gillespie is looking for a new ransomware that adds the extension .nohope and drops a ransom note called NOHOPE_README.txt.
July 9th 2021
Kaseya has warned customers that an ongoing phishing campaign attempts to breach their networks by spamming emails bundling malicious attachments and embedded links impersonating legitimate VSA security updates.
CNA Financial Corporation, a leading US-based insurer, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March.