REvil bungled its massive ransomware attack, giving businesses an easy out

Not with a bang but with a whimper


New details about the recent ransomware campaign against Kaseya’s customers reveal that the change in tactics could cost the threat actors dear.

Ransomware attacks are usually campaigns directed at specific targets. To maximize the damage, however, REvil instead exploited a zero-day in Kaseya’s VSA software to compromise several managed service providers (MSPs) and deliver ransomware to their downstream customers.

While they might have succeeded in conducting the largest known ransomware attack, the change in modus operandi meant that the attackers could neither exfiltrate any data nor encrypt their victims’ backups, leaving many victims able to restore their machines.


“In the Kaseya attack, they opted to try and impact EVERY Kaseya client by targeting the software vs direct ingress to an MSP’s network. By going for such a broad impact they appear to have sacrificed the step of encrypting / wiping backups at the MSP control level,” Bill Siegel, CEO of ransomware negotiation firm Coveware, told BleepingComputer.

Killing the golden goose


In their bid to infect downstream Kaseya users around the world, REvil had to rely on automated mechanisms for removing backups, some of which were reportedly coded very sloppily.

Also, since the infected victims were clients of Kaseya-using managed service providers (MSPs), which is how they were targeted in the first place, most if not all would probably have had offsite backups with their MSPs.

Siegel told BleepingComputer that although the attack did cause disruption, the overall damage wouldn’t be proportional, since the amount of unrecoverable encrypted data will “end up being minimal.”


Although some victims have reportedly caved in to REvil’s demands and coughed up the ransom, Siegel believes the limited amounts of unrecoverable data “will translate to minimal need to pay ransoms.”

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
