On Friday, July 2 at 4 p.m. EDT, just before the 4th of July holiday weekend in the U.S., a cyberattack attributed to the REvil ransomware group was launched against users of the Kaseya VSA remote monitoring and management software as well as customers of multiple managed service providers (MSPs) that use the software. Research has shown that the attackers used access to the VSA software to deploy their ransomware payload.
So far this year, Unit 42 has responded to more than a dozen cases involving REvil (also known as Sodinokibi), making it one of the most prolific ransomware groups we have encountered. Our research indicates the average payment in REvil cases this year is about $2.25 million with the largest known ransom payment being around $11 million.
Join Jen Miller-Osborn, Deputy Director of Threat Intelligence for Unit 42, to learn:
- What we know about the ransomware used to attack Kaseya’s services, including attack vectors, IOCs, and other emerging attack details
- REvil’s attack methods, such as their ransomware as a service (RaaS) approach
- What Palo Alto Networks is offering to help our customers become ransomware-ready
Jen Miller-Osborn
Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks
Jen Miller-Osborn is the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks. Her focus is detecting, identifying and differentiating between cyber espionage and cyber crime actors and groups.
For more than 10 years, Jen has worked in cyber threat intelligence and served as a subject matter expert to multiple U.S. federal agencies. She has influenced national cyber security policies and regularly briefed at all levels of government.
A veteran of the U.S. Air Force, Jen is fluent in Mandarin Chinese. She has several degrees and technical certifications, including a Master of Science degree in information technology from the University of Maryland.