Kaseya Hit by REvil Ransomware, Affecting Global Customers
On July 2, 2021, Kaseya, a leading IT management software provider, revealed it had been targeted by the REvil ransomware group. The attack, exploiting multiple zero-day vulnerabilities, caused significant disruptions worldwide. Kaseya has since worked to contain the incident and provide solutions for affected customers.
REvil, also known as Sodinokibi, exploited the CVE-2021-30116 vulnerability in Kaseya's VSA software. The attack spread globally, encrypting systems at managed service providers and their clients, including supermarkets, kindergartens, and public administration offices. Kaseya believes the attack has been localized to a small number of on-premises customers.
To manage affected systems, Qualys VMDR can identify systems with Kaseya installed and group them using a 'dynamic tag'. Kaseya offers a trial for Qualys VMDR to automatically detect and patch the critical CVE-2021-30116 vulnerability. Qualys has also released an IG QID (48187) to detect the presence of Kaseya VSA.
The FBI and CISA published an advisory on July 4, urging users to download the Kaseya VSA Detection Tool to check for indicators of compromise. Workarounds for the attack include disabling RDP if not used, changing the RDP port to a non-standard port, and keeping systems updated.
REvil, a ransomware-as-a-service (RaaS) group, demands a $70 million payment for a universal decryptor. Kaseya continues to work with law enforcement and cybersecurity experts to resolve the issue and protect customers. Affected customers are advised to follow the guidance provided by Kaseya and relevant authorities.