IT Management Platform Kaseya Hit With Sodinokibi/REvil Ransomware Attack

Trend Micro

Update as of July 23, 1:48 a.m. EDT: Kaseya, with the help of a third party, has obtained a decryptor tool for the victims of the ransomware attack.

Update as of July 13, 1:34 a.m. EDT: Kaseya released its patch on July 11, 4:30 p.m. EDT. As of July 12, 7:30 a.m. EDT, its SaaS is now 100% online.

Update as of July 6, 10:37 p.m. EDT: Trend Micro released a free assessment service that checks environments for the presence of Kaseya vulnerabilities that are related to this attack.

Update as of July 6, 12:02 a.m. EDT: Kaseya has confirmed that a patch will be available after its SaaS servers go online.

Update as of July 5, 1:48 a.m. EDT: The Dutch Security Hotline (DIVD CSIRT) has identified CVE-2021-30116 as one of the zero-day vulnerabilities used in the ransomware attacks. The Kaseya vulnerability was found as part of research conducted into system administration tools; Kaseya and DIVD-CSIRT were working on a coordinated disclosure release before this incident. In addition, reports of REvil pushing for a deal for a universal decryptor have also surfaced.

Kaseya, a company that provides IT management software to managed service providers (MSPs) and IT companies, has been hit with a REvil (aka

Read More: https://www.trendmicro.com/en_us/research/21/g/it-management-platform-kaseya-hit-with-sodinokibi-revil-ransomwa.html