It’s critical that you do this immediately, because one of the first things the attacker does is shutoff administrative access to the VSA.” “We are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you IMMEDIATELY shutdown your VSA server until you receive further notice from us. “We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only as of 2:00 PM EDT today,” Kaseya wrote on Friday afternoon.
July 4, 4:00 pm, Malwarebytes telemetry shows surge in REvil detections.July 4, 8:50 pm, REvil asks for $70 million.July 5, 4:30 am, Kaseya releases compromise detection tool.July 5, 5:00 am, Kaseya flaw part of larger structural weakness in admin tools.July 6, 2:45 am, Ransom demand drops to $50 million, REvil branded "terrorists".July 6, 3:15 am, Malwarebytes telemetry reveals global scale of the attack.
JACK CABLE KREBS STAMOS RANSOMWHERE UPDATE
July 6, 3:40 pm, malspam using fake Kaseya security update.July 7, 8:30 am, Kaseya VSA SaaS platform still offline, not updated as planned.
Malwarebytes detects the REvil ransomware used in this attack as Sodinokibi. Malwarebytes does not use Kaseya products.
0 kommentar(er)
