The ransomware group REvil, which has taken responsibility for the attack on the IT company Kaseya and its customers, has offered a universal decryption key at a record price of $70 million.
Kaseya, a well-known business IT company, is the latest victim of REvil’s data encryption attack.
The attack on Kaseya appears to be financially motivated, but its impact is similar to the Kremlin-backed attack on SolarWind’s Orion network management software.
The attack exploited a zero-day or previously unknown vulnerability in the Kaseya VSA.
U.S. President Joe Biden said the U.S. believed the Kremlin had nothing to do with the attack.
On Sunday, Anne Neuberger, deputy national security adviser for cyber and new technologies, instructed victims to report incidents to the FBI’s IC3 (Internet Crime Complaint Center).
VSA customers are advised to download the VSA detection tool, which helps security teams find REvil components on their networks.
It is also recommended that VSA customers require multifactor authentication for each account, not just administrator accounts with high privileges.
VSA customers were also urged to implement an authorization list to restrict communication with remote monitoring and management (RMM) capabilities to known IP address pairs and/or to place RMM administrative interfaces behind a virtual private network (VPN) or firewall on a dedicated administrative network.
For more information, read the original story in ZDNet.
