Friday, May 23, 2025
HomeRansomwareKaseya's REvil Ransomware Attack Hits 40 Customers worldwide & Hackers Ask's...

Kaseya’s REvil Ransomware Attack Hits 40 Customers worldwide & Hackers Ask’s $70 Million

Published on

SIEM as a Service

Follow Us on Google News

Recently a cyberattack hit the American MSP provider Kaseya, and the experts have claimed that this attack is one of the largest in the history of ransomware attacks.

The attackers behind this incident, which affected hundreds of companies using Kaseya software, is the ransomware group “REvil.” And not only that even to provide a universal decryptor the operator of REvil has demanded $70 million in bitcoins to unlock all the encrypted systems.

REvil Ransomware also known as Sodinokibi observed wild at the end of April 2019. The REvil ransomware is a part of Ransomware-as-a-Service (RaaS) where a set of people maintain the source code and other affiliate groups distribute the ransomware.

- Advertisement - Google News

Apart from this, more than 1 million systems were infected with this ransomware, as the hackers have claimed on their darknet portal. It was assumed initially that operators of REvil ransomware could gain access to the Kaseya backend infrastructure.

Currently, it is not known for sure how this attack is being carried out, but it appears to be affecting both Kaseya and its 40 Customers along with their clients worldwide.

However, the experts estimated that the hackers will do so to distribute the malicious update and install the ransomware on VSA servers running on the networks of the company’s customers.

But, the researchers at Dutch non-profit organization DIVD affirmed the hackers exploited an unknown 0-day vulnerability in the Kaseya VSA server.

Once the server is infected, the malware shuts down administrative access and begins encrypting data, the precursor to the full ransomware attack cycle. Once the encryption process is complete, the system’s desktop wallpaper is set as follows.

Further information

The head of the DIVD, Victor Gevers asserted that when Kaseya was attacked at that time Kaseya was in the process of patching a 0-day (CVE-2021-30116) vulnerability.

Moreover, the head of DIVD, Victor Gevers refused to disclose any further details regarding the vulnerability. But, the first entity that reported this incident, Huntress Labs noted that this vulnerability is about an authentication bypass vulnerability in the VSA web interface.

Here they claimed that the hackers executed SQL commands on the VSA devices to install ransomware on all connected clients by using the bypass the authorization on the VSA web panel.

Ransomware Gang Demand $70 Million Ransom

Early last month REvil extorted $11 million from the meat-processor JBS, and since April 2019 REvil is active. And now for a universal decryptor, the hackers have asked Kaseya $70 million as a ransom payment.

According to the reports, this hefty ransom amount is the biggest ransom payment ever demanded by any ransomware operator..

However, the company stated that it has identified the vulnerability and is preparing a fix, and not only this, even they have also provided a new tool known as Compromise Detection Tool to check servers for hacks to all its customers.

While apart from this, over the weekend the researcher at ESET has recorded a record swell in infections with the REvil ransomware, and they associate this with the Kaseya incident.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Researchers Uncover Infrastructure and TTPs Behind ALCATRAZ Malware

Elastic Security Labs has recently exposed a sophisticated new malware family dubbed DOUBLELOADER, observed...

TAG-110 Hackers Deploy Malicious Word Templates in Targeted Attacks

The Russia-aligned threat actor TAG-110, also linked to UAC-0063 and APT28 (BlueDelta) with medium...

Winos 4.0 Malware Masquerades as VPN and QQBrowser to Target Users

A sophisticated malware campaign deploying Winos 4.0, a memory-resident stager, has been uncovered by...

NETGEAR Router Flaw Allows Full Admin Access by Attackers

A severe authentication bypass vulnerability (CVE-2025-4978) has been uncovered in NETGEAR’s DGND3700v2 wireless routers,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Inside LockBit: Data Leak Reveals Leading Affiliates and How They Operate

A massive data leak from the LockBit ransomware group, published on its hijacked leak...

Russian Hacker Indicted Over $24 Million Qakbot Ransomware Operation

The U.S. Department of Justice has unsealed a federal indictment against Rustam Rafailevich Gallyamov,...

VanHelsing Ransomware Builder Exposed on Hacker Forums

The cybersecurity landscape reveal that the VanHelsing ransomware operation has experienced a significant security...