Last week we had seen the devastating attack from REvil ransomware gang disrupted the business of Kaseya via the supply chain attack. It turnsout to be more worse now as they $70 million worth of Bitcoin for decrypting all the machines impacted due to ransomware.

While the investigation is still going on , Huntress labs team has said that atleast 1000 organizations might have been impacted due to this cyber attack .

Kaseya Ransomware Attack

The Dutch Institute for Vulnerability Disclosure has revealed that the ransomware gang has exploited a zero-day vulnerability in its Kaseya VSA servers with the CVE-2021-30116.

Wietse Boonstra, a DIVD researcher, has previously identified a number of the zero-day vulnerabilities [CVE-2021-30116] which are currently being used in the ransomware attacks. And yes, we have reported these vulnerabilities to Kaseya under responsible disclosure guidelines (aka coordinated vulnerability disclosure).”

Source: DIVD

The number of Kaseya VSA instances that are reachable from the internet has dropped from over 2.200 to less than 140 in our last scan today. And, by working closely with our trusted partners and national CERTs, the number of servers in The Netherlands has dropped to zero.” reads the blog post.

while Kaseya was validating its patch before the rollout to its customers, the ransomware gangs seems to have taken the advantage of the vulnerability by the historic supply chain attack, which is considered to be the one of the largest cyber attack against a MSP organization.

Cyberworkx has provided the detailed IOC’s collected on its link to incorporate into the necessary security controls by various organization.

–-For more Cyber security news in crisp content . Please follow our site via twitter handle @cyberworkx1

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s