CYBER NEWS UPDATE #68

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cybersecurity in only a few minutes.

The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world.

The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand.

In this special podcast we will discuss Kaseya.

Kaseya is a software company located in Florida, USA.

They claim that more than 40,000 organizations around the world use one of Kaseya’s industry-leading IT solutions.

Kaseya has a product named VSA; it is a Remote Monitoring & Management set of tools aimed at different organizations and service providers.

One of its features is automating software patch management and vulnerability management to ensure that all systems are up to date; another feature is managing backups and antivirus software on remote systems.

By design, Kaseya VSA needs privileged access to the remote computers it manages.

Kaseya said in a statement that approximately 50 of its direct customers were breached in the cyber attack.

The attackers were able to gain access to the clients’ networks through the update server, and from there encrypt the remote computers.

Since many of Kaseya’s customers provide IT services to small businesses such as restaurants and accounting firms, it is difficult to estimate the number of businesses that were impacted by this cyber attack.

Another consequence was that the Swedish Coop grocery store chain was forced to close 800 stores for several days.

Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing U.S. offices would be lightly staffed. 

Many victims may not learn of it until they are back at work on Monday. 

A short time after the incident, Kaseya said it had sent a detection tool to nearly 900 customers.

During this cyber attack we saw, for the first time, ransomware that handles encrypted files by file extension.

In previous cyber attacks you got a message telling you that you had to pay a certain amount for a key that would decrypt everything back to normal.

This time, the hackers chose to maximize their potential profit by telling users they had to pay for each file extension. So if you had many Word documents and many Excel files on the computer, you would have to pay for each file type separately, from $5,000 per extension; so even if you were a small organization with only a few computers, restoring each computer would cost a considerable amount of money.

The REvil group offered a master decryption key for all victims of the Kaseya attack in exchange for $50 million; later on they reduced the price to $20 million.

Things became even more interesting when REvil deleted their online presence completely: no web page, no blog, no page to pay for decryption; everything suddenly disappeared.

Many people estimate that REvil is based in Russia, based on their past communications. The fact that the US president met with the Russian president and threatened to take action against groups who perform ransomware attacks on America caused rumors that the REvil group had been stopped by the USA; others claimed they were stopped by the Russian government.

No one knows what really happened to the group, but a few days after REvil’s disappearance Kaseya sent a message to its clients with a universal decryptor, so all the clients could quickly and easily restore the files that had been encrypted.

Kaseya declined to say where they got the decryptor from, which indicates a high probability that they paid REvil a large amount of money.

In just a short time REvil was able to steal confidential plans from Apple, hack into sensitive US defense sites, and dramatically disrupt the meat industry.

REvil has already changed their name and shape in the past, and no one would be surprised to see them appearing soon under a different brand.
That’s it for this podcast, stay safe and see you in the next podcast.

Don’t forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.