They claimed that the attackers bypassed authorization on the VSA web panel and then executed SQL commands on the VSA appliances to push the ransomware out to all connected clients.
The head of the DIVD, Victor Gevers, stated that at the time Kaseya was attacked it was in the process of patching a 0-day vulnerability (CVE-2021-30116).
Gevers declined to disclose any further details about the vulnerability. However, Huntress Labs, the first organization to report the incident, noted that it is an authentication bypass in the VSA web user interface.
A recent cyberattack struck the American MSP software vendor Kaseya, and experts claim that it is among the largest ransomware attacks in history.
Once a server is infected, the malware shuts down administrative access and begins encrypting data, the precursor to the full ransomware attack cycle. When the encryption process completes, the system's desktop wallpaper is set as follows.
REvil ransomware, also known as Sodinokibi, was first observed in the wild at the end of April 2019. REvil operates as Ransomware-as-a-Service (RaaS): a core group maintains the source code while affiliate groups distribute the ransomware.
Apart from this, more than 1 million systems were infected with this ransomware, as the attackers have claimed on their darknet website. It was initially assumed that the REvil operators might have gained access to Kaseya's backend infrastructure.
Experts estimated that the attackers would use that access to distribute a malicious update that installs the ransomware on VSA servers running on the networks of the company's customers.
At present it is not known for certain how this attack was carried out, but it appears to affect both Kaseya and its 40 customers, along with their customers worldwide.
The attackers behind this incident, which impacted numerous businesses using Kaseya software, are the ransomware group REvil. Not only that: the REvil operators have demanded $70 million in bitcoin for a universal decryptor to unlock all the encrypted systems.
However, researchers at the Dutch non-profit DIVD confirmed that the attackers exploited a previously unknown 0-day vulnerability in the Kaseya VSA server.
Ransomware Gang Demands $70 Million Ransom
Nevertheless, the company stated that it has identified the vulnerability and is preparing a fix, and it has also offered all its customers a new tool, the Compromise Detection Tool, to check servers for signs of compromise.
Early last month REvil extorted $11 million from the meat processor JBS, and REvil has been active since April 2019. Now the attackers have asked Kaseya for $70 million as a ransom payment for a universal decryptor.
According to reports, this hefty ransom is the largest ever demanded by any ransomware operator.
Apart from this, over the weekend researchers at ESET recorded a record surge in infections with the REvil ransomware, which they attribute to the Kaseya incident.