Geography of financial malware attacks, Q3 2021

Top 10 countries by share of attacked users

* Excluded are countries with relatively few Kaspersky product users (under 10,000).
** Unique users whose computers were targeted by financial malware as a percentage of all unique users of Kaspersky products in the country.

* Unique users who encountered this malware family as a percentage of all users attacked by financial malware.

In Q3, the family ZeuS/Zbot (17.7%), as usual, became the most widespread family of bankers. Next came the SpyEye (17.5%) family, whose share doubled from 8.8% in the previous quarter. The Top 3 was rounded out by the CliptoShuffler family (9.6%) - one position and just 0.3 p.p. The families (2.7%) and (1.5%) have made it back into the Top 10 in Q3 - seventh and ninth places, respectively.

Ransomware programs

Quarterly trends and highlights

Attack on Kaseya and the REvil story

In early July, the group REvil/Sodinokibi attempted an attack on the remote administration software Kaseya VSA, compromising several managed services providers (MSP) who used this system. Thanks to this onslaught on the supply chain, the attackers were able to infect over one thousand of the compromised MSPs’ client businesses. REvil’s original $70 million ransom demand in exchange for decryption of all the users hit by the attack was soon moderated to 50 million.

Following this massive attack, law enforcement agencies stepped up their attention to REvil, so by mid-July the gang turned off their Trojan infrastructure, suspended new infections and dropped out of sight. Meanwhile, Kaseya got a universal decryptor for all those affected by the attack. According to Kaseya, it “did not pay a ransom - either directly or indirectly through a third party”. Later it emerged that the company got the decryptor and the key from the FBI.

But already in the first half of September, REvil was up and running again. According to the hacking forum XSS, the group’s former public representative known as UNKN “disappeared”, and the malware developers, failing to find him, waited awhile and restored the Trojan infrastructure from backups.