'If help is needed, call in a team of experts to help verify the situation within the environment.' 'Check with security product vendors to verify protections are in place for REvil ransomware,' he added.
Ian Porteous at IT security firm Check Point Software said any company running Kaseya's VSA should 'unplug it from the network right now, although it might be too late'. REvil has an affiliate structure, occasionally making it difficult to determine who speaks on the hackers' behalf, Reuters reports.
But Allan Liska of cybersecurity firm Recorded Future said the message 'almost certainly' came from REvil's core leadership. This set off a chain reaction that paralysed computers of hundreds of firms worldwide. This time, REvil infected Kaseya, a provider of IT management software for managed service providers (MSPs) – companies that remotely manage a customer's IT infrastructure.
Essentially, REvil used Kaseya's access to breach not only its clients, but its clients' clients – in other words, both MSPs and their customers. REvil is best known for extorting $11 million from the meat-processor JBS back in May this year after a Memorial Day attack.
The most affected were Italy, followed by the US, Colombia, Germany and Mexico. Meanwhile, Kaspersky said it has observed more than 5,000 attack attempts in 22 countries. Coop had to close hundreds of stores on Saturday because its cash registers had been knocked offline as a consequence of the attack.