REvil ransomware: Lessons learned from a major supply chain attack

How did the attack happen?

On July 2, , REvil launched a massive on approximately 1,500 businesses and encrypted them all in one fell swoop. REvil’s attack focused on Kaseya VSA, a remote management solution used by managed service providers, or MSPs, to manage their customers’ services and support. Kaseya can be deployed both as a cloud-based SaaS or via an on-premise server. REvil focused on the on-premise servers, using a zero-day to infect 60 MSPs. Kaseya keeps its administrator rights on client systems which means once the MSP is infected, their client systems become infected.

The result of this was a worldwide attack that mainly affected the retail sector and any other sector unfortunate enough to be relying on MSPs using Kaseya VSA to manage their client systems. For example,

Read More: https://resources.infosecinstitute.com/topic/revil-ransomware-lessons-learned-from-a-major-supply-chain-attack/