If paid, it would make this the largest ransomware incident in history.
How did this happen?
40% off TNW Conference!
Then, it was deployed to all connected client computers and servers.
How bad is it?
The REvil gang noted on its dark web blog thatmore than a million systems were infected.
Among them isCoop, a Swedish supermarket chain.
This incident is believed to be one of the largest supply chain attacks of all time.
REvil is the name of a ransomware-as-a-service (RaaS) operation.
The developers behind REvil are believed to be in, from, or linked to Russia.
Strangely, they mysteriously removed references to that incident a week later.
REvil was also responsible fora breach of Acers systemsrecently.
Can we fix it?
Kaseyas first step to mitigate damage was to instruct its clients to take its VSA servers offline.
CEO Fred Voccola told CRN that the company isworking to address the situation.
However, its not clear if that will also take care of the problem of locked files.
Voccola also said, The technical teams are working with them [impacted MSPs] around the clock.
Were helping them from a legal perspective.
Were helping them deal with with the authorities, whether its federal or state.
Were helping them navigate with their insurance providers.
Whats next?
It remains to be seen how Kesaya and its clients will navigate this.
Theres the matter of the $70 million decryption tool that could solve the problem at hand.
However, the USFBI has previously discouraged victims from paying up.
