Commentary on REvil ransomware attack
July 2021
By now, the security implications of the ransomware attack by the Russia-based REvil group are becoming clearer. Threat intelligence expert Jim Gogolinski comments.
Gogolinski is the Vice President of Research and Intelligence at iboss and helped discover the infamous Sandworm breach.
"What makes this attack unique is that it may be the first large-scale, multi-tiered, supply-chain-based ransomware attack. REvil took advantage of some zero-days in Kaseya VSA cloud-based software to deliver their ransomware through the MSP providers who use Kaseya to get to their actual victims, thousands of clients of these MSPs. REvil is claiming to have impacted over a million systems with this latest attack. In another first, REvil is asking for the highest reported payment of $70M. This is a change from their initial ask of a large payment from each impacted MSP and then a smaller payment from the actual clients themselves. This attack continues to drive home the point that ransomware groups continue to evolve their TTPs as well as their business plans. Ransomware attacks are increasing in both volume and complexity, and companies need to remain vigilant and have a tested plan in place in case they become a victim."