REvil has returned with the biggest ransomware attack so far in 2021: it affected more than one million systems at 1,000 companies in 17 countries, including Argentina, after being inserted into an update of the management software from Kaseya, which provides remote information technology services.
Based in Miami, Kaseya is a managed service provider (MSP). Its systems are connected to those of other companies, so a compromised update can be used to reach the enterprise network directly.
The attack on Kaseya's servers on Friday, July 2 exploited a zero-day vulnerability that was being corrected. The victims of the REvil ransomware are located in the United Kingdom, South Africa, Canada, Germany, the USA, Colombia, Sweden, Kenya, Argentina, Mexico, the Netherlands, Indonesia, Japan, Mauritania, New Zealand, Spain and Turkey, as pointed out by ESET.
Kaseya, which has about 40,000 customers, confirmed the incident and asked that VSA servers be shut down immediately until a patch is released. However, for many companies it is already too late, as they have already been hit by the ransomware, which encrypts their information.
According to reports, as of July 3 nearly 1,000 companies had been affected by this supply chain attack, and they are working as quickly as possible to contain the attack and notify IT teams.
The ransom demanded from each victim varies from case to case depending on the size of the affected business. In the last few hours, the REvil group posted on its dark web site an offer to Kaseya victims: a decryptor, so they can recover their encrypted files, for $70 million.
According to BleepingComputer, unlike in other similar incidents, REvil only encrypts the victims' files and does not steal any information, suggesting that the attackers did not have access to the victims' networks.
The incident is being investigated by the US national cybersecurity agency and the FBI, which posted a guide for managed service providers and their customers affected by this attack. The guidance includes, but is not limited to, using the Kaseya VSA detection tool, which analyzes a system and indicates whether any indicator of compromise is present.