https://safirsoft.com Massive ransomware attack swept hundreds of US companies

Hot potato: A ransomware attack has hit hundreds of companies across the United States in a supply-chain attack that used the Kaseya VSA (remote monitoring and IT management) system. While Kaseya claims that fewer than 40 of its more than 36,000 customers have been affected, the targeting of large managed service providers (MSPs) means that a significant number of their downstream customers have been affected as well.

Kaseya stated that it was notified of a security incident on Friday afternoon, after which it put its cloud services into maintenance mode and issued a security advisory to all customers. It told customers running VSA on-premises to shut down their servers until further notice, because "One of the first things an attacker can do is turn off administrative access to VSA." Kaseya also notified the FBI and CISA and launched an internal investigation. In a second update the company said the cloud VSA shutdown was merely a precaution, and that customers using its SaaS servers were "never at risk." It also said the service will stay suspended until the company is confident it can safely resume operations; at the time of writing, the VSA cloud outage has been extended until 9 AM ET.


What infected systems look like. Photo: Kevin Beaumont, via DoublePulsar

The REvil ransomware is delivered through a standard VSA software auto-update. It then uses PowerShell to decode and extract its payload while disabling several Windows Defender protections, such as real-time monitoring, cloud lookups, and controlled folder access (Microsoft's built-in anti-ransomware feature). The payload also includes an older (but legitimately signed) version of Windows Defender, which is used as a trusted executable to load an encrypted DLL.
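As an added illustration of the Defender-tampering step just described (example code, not from the article, Kaseya or Huntress), the detector below reads constructed PowerShell script-block log entries and reports which protections a Set-MpPreference call switches off. The cmdlet and parameter names are real Defender ones; the sample log lines, labels and host names are constructed.

```python
"""Flag PowerShell script blocks that turn Microsoft Defender protections off.
Added example (not code from the article, Kaseya or Huntress). Set-MpPreference
and its parameter names are real; the labels and sample log lines are constructed."""
import re

# Parameter -> (values that weaken protection, label); values compared case-insensitively.
WEAKENING = {
    "DisableRealtimeMonitoring": ({"$true", "1"}, "real-time monitoring off"),
    "DisableIOAVProtection": ({"$true", "1"}, "download/attachment scanning off"),
    "DisableScriptScanning": ({"$true", "1"}, "script scanning off"),
    "EnableControlledFolderAccess": ({"disabled", "0"}, "controlled folder access off"),
    "MAPSReporting": ({"disabled", "0"}, "cloud lookup (MAPS) off"),
    "SubmitSamplesConsent": ({"neversend", "2"}, "sample submission off"),
    "EnableNetworkProtection": ({"auditmode", "2", "disabled", "0"}, "network protection not blocking"),
}
# Matches "-Name value" and "-Name:value"; PowerShell accepts both forms.
PARAM_RE = re.compile(r"-(?P<name>[A-Za-z]+)(?::|\s+)(?P<value>\$?[A-Za-z0-9]+)")

def defender_tamper_findings(script_block: str) -> list[str]:
    """Return labels of the protections a script block disables via Set-MpPreference."""
    findings = []
    for cmd in re.split(r"[;\n]", script_block):          # one command per segment
        if not re.search(r"\bSet-MpPreference\b", cmd, re.I):
            continue
        for m in PARAM_RE.finditer(cmd):
            # PowerShell accepts any unambiguous prefix of a parameter name
            # ("-DisableRealtime"), so match by prefix within our table.
            keys = [k for k in WEAKENING if k.lower().startswith(m["name"].lower())]
            if len(keys) != 1:
                continue
            bad_values, label = WEAKENING[keys[0]]
            if m["value"].lower() in bad_values:
                findings.append(label)
    return findings

# Constructed (host, script text) entries modelled on PowerShell script-block
# logging (Event ID 4104); host-c is a hardening change, not tampering.
SAMPLE_LOG = [
    ("host-a", "Get-MpComputerStatus | Select-Object AMRunningMode"),
    ("host-b", "Set-MpPreference -DisableRealtimeMonitoring $true -DisableIOAVProtection $true "
               "-DisableScriptScanning $true -EnableControlledFolderAccess Disabled "
               "-EnableNetworkProtection AuditMode -MAPSReporting Disabled -SubmitSamplesConsent NeverSend"),
    ("host-c", "Set-MpPreference -EnableControlledFolderAccess Enabled"),
]

def scan_log(entries) -> list[tuple[str, list[str]]]:
    """Return (host, findings) for each entry that weakens Defender."""
    return [(h, f) for h, text in entries if (f := defender_tamper_findings(text))]
```

Running `scan_log(SAMPLE_LOG)` flags only host-b, with all seven protections listed; a real deployment would feed it the script-block text from Event ID 4104 records.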

It is not yet clear whether REvil steals any data from victims before deploying the ransomware and encrypting files, but the group has done so in previous attacks.

The scale of the attack continues to expand. Supply chain attacks such as this one compromise a weaker upstream link rather than hitting targets directly, and they can cause widespread damage when that upstream link is used at scale, as is the case with Kaseya VSA. The attack also appears to have been timed for the July 4 holiday weekend, when fewer staff are available to deal with the threat, slowing the response.


Screenshot from Kaseya VSA Software Management

BleepingComputer initially reported that eight MSPs had been attacked, with security company Huntress Labs aware of 200 businesses affected through three MSPs it works with. However, further updates from Huntress's John Hammond show that the number of affected MSPs and downstream clients is much higher than initially reported and continues to grow.

<40. Kaseya affects less than 40 clients. pic.twitter.com/PyENI96A5E

- John Hammond, Jul 3, 2021

The ransom demands vary widely. Payment is demanded in the Monero cryptocurrency, and ransoms appear to start at $44,999 but can reach up to $5 million. Likewise, the payment deadline, after which the ransom doubles, appears to differ between victims.

Both figures likely depend on the size and scale of the target hit. REvil, which US officials believe has ties to Russia, received $11 million from meat processor JBS last month and demanded $50 million from Acer in March. Credit: BleepingComputer