On Friday, July 2 at 4 p.m. EDT, just before the 4th of July holiday weekend in the U.S., a cyberattack attributed to the REvil ransomware group was launched against users of the Kaseya VSA remote monitoring and management software as well as customers of multiple managed service providers (MSPs) that use the software. Research has shown that the attackers used access to the VSA software to deploy their ransomware payload.
So far this year, Unit 42 has responded to more than a dozen cases involving REvil (also known as Sodinokibi), making it one of the most prolific ransomware groups we have encountered. Our research indicates the average payment in REvil cases this year is about $2.25 million, with the largest known ransom payment being around $11 million.
Join Jen Miller-Osborn, Deputy Director of Threat Intelligence for Unit 42, to learn:
- What we know about the ransomware used to attack Kaseya’s services, including attack vectors, IOCs, and other emerging attack details
- REvil’s attack methods, such as their ransomware-as-a-service (RaaS) approach
- What Palo Alto Networks is offering to help our customers become ransomware-ready