Incident Response Blog: REvil Ransomware Campaign Targeting Kaseya VSA Customers

1.0Cyber Threat Alliancehttps://www.cyberthreatalliance.orgIncident Response Blog: REvil Ransomware Campaign Targeting Kaseya VSA Customers - Cyber Threat Alliancerich600338<blockquote class="wp-embedded-content" data-secret="P90oF3U62S"><a href="https://www.cyberthreatalliance.org/incident-response-blog-revil-ransomware-campaign-targeting-kaseya-vsa-customers-2/">Incident Response Blog: REvil Ransomware Campaign Targeting Kaseya VSA Customers</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://www.cyberthreatalliance.org/incident-response-blog-revil-ransomware-campaign-targeting-kaseya-vsa-customers-2/embed/#?secret=P90oF3U62S" width="600" height="338" title="“Incident Response Blog: REvil Ransomware Campaign Targeting Kaseya VSA Customers” — Cyber Threat Alliance" data-secret="P90oF3U62S" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script nonce="2ce19bea8f"> /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); //# sourceURL=https://www.cyberthreatalliance.org/wp-includes/js/wp-embed.min.js </script> https://www.cyberthreatalliance.org/wp-content/uploads/2020/12/AdobeStock_271033455-scaled-1.jpeg25601707On Friday, 2 July, CTA members became aware of a ransomware campaign targeting Kaseya’s VSA product. VSA is used by Managed Service Providers (MSPs) to monitor and manage information technology for their clients, provide automation, and assist with software patch management. In this incident, an affiliate of REvil leveraged a zero-day vulnerability in VSA to … Continued