How did the REvil ransomware attack happen?
On July 2, 2021, REvil launched a massive ransomware attack on approximately 1,500 businesses, encrypting their systems in one fell swoop. The attack focused on Kaseya VSA, a remote management solution used by managed service providers (MSPs) to manage their customers’ services and support. Kaseya VSA can be deployed either as a cloud-based SaaS or on an on-premises server. REvil focused on the on-premises servers, using a zero-day vulnerability to infect 60 MSPs. Kaseya VSA keeps its administrator rights on client systems, which means that once an MSP is infected, its client systems become infected as well.
The result of this was a worldwide ransomware attack that mainly affected the retail sector and any other sector unfortunate enough to be relying on MSPs using Kaseya VSA to manage their client systems. For example,