Kaseya ransomware attack was apparently coded to avoid Russia
But will Russia act against the cyber perps?
Cybersecurity researchers have discovered that the malware that delivered the REvil ransomware on thousands of computers managed by Kaseya VSA was designed to avoid infecting computers in countries which are the principal members of the Commonwealth of Independent States (CIS).
Initially suspected to be a supply chain attack, the campaign in fact exploited a zero-day vulnerability in Kaseya’s VSA software to compromise several managed service providers (MSP) and deliver ransomware to their downstream customers.
In their analysis of the malware, security researchers at Trustwave note that the ransomware avoids systems in countries of the former USSR region.
Security experts have previously suggested that installing a Cyrillic keyboard might be enough to convince malware that you are Russian and off limits.
Unpatched zero-day
In response to the attack, Kaseya pulled the plug on VSA’s software-as-a-service offering, and asked all of its customers to take their on-premise VSA servers offline as well.
Reporting on the developers, The Register notes that one of the exploited vulnerabilities in VSA was initially reported to Kaseya back in April 2021. It was one of seven VSA bugs that were unearthed by the Dutch Institute for Vulnerability Disclosure (DIVD) and reported privately to Kaseya.
Patches for four of these were released in April and May, while the remaining three were scheduled for delivery in an upcoming release.
But before one of those unpatched bugs, tracked as CVE-2021-30116, could be fixed, it was exploited by REvil to deploy ransomware on computers around the world, except, of course, Russia and the other CIS countries.
ZDNet reports that the White House has warned Russia to take action against the threat actors, or else the US might have to take matters into its own hands.
“As the President made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own,” said White House press secretary Jen Psaki.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.