REVIL RANSOMWARE SPREADS INTO SUPPLY CHAINS

It seems that more than 200 American businesses have been attacked by the REvil ransomware that is believed to be developed and maintained by Russian criminals. REvil – also known as Sodinokibi – is one of the most prolific and profitable cyber-criminal groups in the world.

The Cybersecurity & Infrastructure Security Agency (CISA) is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. CISA encourages organizations to review the Kaseya advisory and immediately follow their guidance to shutdown VSA servers. 

Kaseya said one of its applications that runs corporate servers, desktop computers and network devices might have been compromised. The company said it was urging customers that use its VSA tool to immediately shut down their servers. Kaseya’s website says it has a presence in over 10 countries and more than 10,000 customers.

Many US and EU companies are reporting problems as the REvil malware campaign expands. It appears that this cyber attack may well be the worst so far.

The microsoft answers are loaded with hundreds of complaints of being attacked by ransomware. Efforts at decryption has been attempted by some experts with limited success. The miscreants that develop this class of malware are the most vile of criminals out there. Extortion is a major offence.