REvil ransomware: Lessons learned from a major supply chain attack

One of the most popular recent ransomware attacks involved the REvil ransomware gang leveraging security flaws within the Kaseya VSA to initiate one of the largest ransomware attacks in history. As ingenious as this plan was, few organizations paid the ransom money to get their files back. Why did one of the largest ransomware attacks in history have such a poor level of performance? 

How did the REvil ransomware attack happen?

On July 2, 2021, REvil launched a massive ransomware attack on approximately 1,500 businesses and encrypted them all in one fell swoop. REvil’s attack focused on Kaseya VSA, a remote management solution used by managed service providers, or MSPs, to manage their customers’ services and support. Kaseya can be deployed both as a cloud-based SaaS or via an on-premise server. REvil focused on the on-premise servers, using a zero-day vulnerability to infect 60 MSPs. Kaseya keeps its administrator rights on client systems which means once the MSP is infected, their client systems become infected.

The result of this was a worldwide ransomware attack that mainly affected the retail sector and any other sector unfortunate enough to be relying on MSPs using Kaseya VSA to manage their client systems. For example,

Read More: