REvil Ransomware: A Widespread, Sprawling & Dangerous Attack

On-premises cybersecurity solutions have again proven vulnerable against sophisticated attacks

Right before the 4th of July weekend, news broke of a new ransomware attack against software company Kaseya, which develops security management software used by managed service providers (MSPs). Described as one of the largest ransomware attacks in history, this ongoing attack was perpetrated by REvil, a notorious cybercriminal gang that has used ransomware to attack organizations in the past.

The Kaseya attack, which did not impact iboss customers, is so far said to have affected organizations in 17 countries around the globe. The breach, which took advantage of zero-day vulnerabilities in Kaseya’s VSA cloud-based software, as well as its on-premises solutions, is unique because it may be the first large-scale, multi-tiered supply chain-based ransomware attack. This means that the hackers were able to deliver their ransomware through the MSPs that use Kaseya’s software. The attack was then essentially distributed to thousands of these MSPs’ customers.

The extent of the potential damage cannot be overstated, with REvil itself claiming to have impacted over a million systems.

Emboldened by the success of other recent ransomware attacks, in another first, REvil is demanding the highest-ever ransom of $70 million. This attack again reinforces the point that ransomware groups are no longer ragtag keyboard warriors, but are sophisticated organizations committed to evolving not only their tactics, techniques and procedures (TTPs), but also their go-forward business plans and monetary demands.

Threat actors are constantly on the lookout for vulnerabilities to exploit, making unpatched on-prem solutions an easy target. As more organizations continue to have remote or hybrid workforces, moving to a cloud service is more secure and efficient as more data resides in cloud applications. Ransomware attacks like this one are increasing in both volume and complexity, and companies need to remain vigilant and have a tested plan in place both to prevent future breaches and to respond in case they become a victim.

iboss is here to help customers migrate to a cloud service offering. If you’re considering a move to a SASE platform, take a look at our 5 Steps to Consider when Migrating to SASE ebook.


Blog post authored by Jim Gogolinski, VP of Research and Threat Intelligence at iboss.