
Kaseya is helping nearly 1,500 compromised customers unlock ransomed files after obtaining a universal decryptor key Wednesday, 19 days after the devastating REvil ransomware attack.

“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor,” the company wrote in an update on its website.

“Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims.”

The company declined to answer media questions about the identity of the third party, whether a ransom was paid to obtain the key, and whether the decryptor works in all instances.

REvil made the largest ransom demand of all time two days after the attack, offering on July 4 to decrypt all Kaseya ransomware attack victims in exchange for US$70 million. REvil’s online presence has since disappeared.

The latest development was first reported on Twitter by NBC News’ Kevin Collier on Thursday. Kaseya said it’ll provide updates on its remediation efforts with the decryptor as more details become available.

Organisations have become increasingly willing to fork over ransoms in recent months, with Colonial Pipeline paying Darkside US$4.3 million in May with the hope of restoring operations on its 5,500-mile pipeline sooner. Meatpacking giant JBS paid REvil US$11 million to shield the company’s meat plants from further disruption and limit the potential impact for restaurants, grocery stores and farmers.

The REvil gang pulled off one of the biggest ransomware heists in years on July 2, exploiting a vulnerability in Kaseya’s on-premises VSA remote monitoring and management tool to compromise nearly 60 MSPs, encrypt data and demand ransom payments from up to 1,500 of their end-user customers.

Kaseya said the cybercriminals were able to exploit vulnerabilities in its VSA tool to bypass authentication and achieve arbitrary command execution. This allowed REvil to leverage the VSA product’s standard functionality to deploy ransomware to customer endpoints.

The cyberattack left more than 36,000 MSPs without access to Kaseya’s flagship VSA product for nearly 10 days as the company worked on a patch for the on-premises version of VSA and kept the more widely used SaaS version of VSA offline. Third-party engineers and consultants, as well as internal IT employees, suggested putting additional layers of protection into VSA to defend against unforeseen issues.

“The fact that we had to take down VSA is very disappointing to me personally,” Kaseya CEO Fred Voccola said in an emotional video posted to Kaseya’s website on July 8. “I feel like I let this community down, I let my company down, [and] our company let you down. And that is not going away.”

Former Kaseya software engineers and developers said they warned Kaseya leaders for years of dangerous security flaws in its products, but those concerns were never fully addressed, Bloomberg said July 10. Some employees who flagged Kaseya’s security issues quit out of frustration that newer features and products were prioritised over fixing the problems, or were fired over inaction, Bloomberg reported.

Some of the largest security problems within Kaseya included outdated code, weak encryption and weak passwords in its products, as well as a general failure to meet basic cybersecurity requirements such as continuous patching of its software and servers, according to Bloomberg, which declined to identify the former employees due to non-disclosure agreements.

A Dutch Institute for Vulnerability Disclosure (DIVD) researcher discovered seven vulnerabilities in Kaseya’s VSA product in early April and notified the company about the flaws less than a week later. Eighty-seven days later, REvil took advantage of a flaw flagged by DIVD that still hadn’t been resolved.

“We were in a coordinated vulnerability disclosure process with the vendor while this happened,” DIVD’s Victor Gevers wrote on Twitter.

“The CVEs [descriptions of the vulnerabilities] were ready to be published; the patches were made and prepared for distribution; and we mapped all online instances to help speed up the process.”
