What is REvil? Kaseya Breach Uncovers Massive Ransomware Attack on US Companies


Another massive ransomware attack has been unleashed against US businesses, with the latest attack targeting at least 200 US companies, cyber security experts have said.

Cybersecurity company Huntress Labs said the wave of ransomware attacks was identified after it was revealed that systems at the Miami-based IT firm Kaseya were compromised.

Colossal Attack

"This is a colossal and devastating supply chain attack," John Hammond, a senior security researcher with Huntress, said. "We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted," he said.

[Image: UHS hospital network is down due to ongoing ransomware attack (representational image). Credit: Pixabay]

Kaseya, a remote IT management platform, has taken its cloud service offline in the aftermath of the incident, the details of which are only slowly emerging.

The US Cybersecurity and Infrastructure Security Agency (CISA) said it was taking action to understand and address the recent supply-chain ransomware attack against Kaseya.

CISA has not been able to identify how the hackers gained access to the systems.

However, Hammond said that, based on the information he has, the current attack was the handiwork of REvil, a Russian-speaking criminal syndicate. "Based on everything we are seeing right now, we strongly believe this (is) REvil/Sodinokibi," Hammond said.

'SolarWinds with Ransomware'

According to Russia Today, REvil was blamed by the FBI in May for the ransomware attack on a Brazilian meat-packing conglomerate. The hack had disrupted meat processing and deliveries in the US, Canada and Australia.

[Image: Clark County School District came under cyberattack last month (representational image). Credit: Pixabay]

Later, the company, JBS, revealed that it had paid an $11 million ransom to the hackers.

Another cyber security expert described this wave of ransomware attacks as "SolarWinds with ransomware." According to Brett Callow of Emsisoft, no previous ransomware attack that he knows of has matched the scale of the current one, the Associated Press reported.

REvil had been blamed by the US for the SolarWinds breach. By extension, Washington accused Russia as well, a charge Moscow denied as absurd.

Meanwhile, Kaseya said it was investigating a "potential attack" on VSA, a tool widely used to reach into corporate networks. Kaseya has a whopping 40,000 customers that use its products.

This article was first published on July 3, 2021