- CREATED 2 HOURS AGO by AlienVault
- Public
- TLP: White
Sophos has issued an advisory to customers about the Kaseya VSA server, which is being used in an industry-wide supply chain attack that uses a variant of the REvil ransomware to demand a ransom.
REFERENCES: https://community.sophos.com/b/security-blog/posts/active-ransomware-attack-on-kaseya-customers, https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-200-companies-in-msp-supply-chain-attack/
MALWARE FAMILIES: Kaseya, REvil
ATT&CK IDS: T1195 – Supply Chain Compromise, T1560 – Archive Collected Data, T1018 – Remote System Discovery, T1471 – Data Encrypted for Impact