Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Continuous Updates: Everything You Need to Know About the Kaseya Ransomware Attack

Kaseya Ransomware Attack Information

Kaseya Ransomware Attack Information

On July 2, IT management software maker Kaseya informed customers that it had launched an investigation into an attack targeting customers of its VSA product. The attackers leveraged zero-day vulnerabilities — as well as legitimate VSA functionality — to deliver the REvil ransomware to MSPs and their customers.

The attack appears to impact tens of Kaseya customers and hundreds of downstream businesses.

The cybercrime group that launched the attack used the ransomware to encrypt files on compromised systems and they are hoping to earn tens of millions of dollars as a result.

SecurityWeek is covering all the new information that emerges and here you can find a summary of all articles on this topic, as well as other useful resources. This article will be regularly updated with new information.

News Coverage

Decryption Key for Ransomware Delivered via Kaseya Attack Made Public (08.11.2021) – A key that can be used to decrypt files encrypted by the REvil ransomware delivered as part of the Kaseya attack has been made public.

Kaseya Denies Paying Cybercriminals Who Launched Ransomware Attack (07.27.2021) – Kaseya says it did not pay any money to the cybercriminals who recently launched a ransomware attack against the company’s customers.

Advertisement. Scroll to continue reading.

Kaseya Obtains Universal Decryptor for Ransomware Attack Victims (07.23.2021) – Kaseya has obtained a universal decryptor that should allow victims of the recent ransomware attack to recover their files.

Firm Hacked to Spread Ransomware Had Previous Security Flaws (07.14.2021) – Kaseya products were previously abused to deliver malware and the company had done poorly when it came to patching vulnerabilities.

Kaseya Releases Patches for Vulnerabilities Exploited in Ransomware Attack (07.12.2021) – Kaseya has released patches for the vulnerabilities exploited in the recent ransomware attack, and the company has also started restoring SaaS services.

Restart After Hacks Delayed Again by Software Firm (07.09.2021) – Kaseya has once again delayed the release of patches in response to the recent ransomware attack.

Emails Offering Kaseya Patches Deliver Malware (07.08.2021) – Kaseya is still working on patching the vulnerabilities exploited in the recent ransomware attack, but some cybercriminals are sending out emails offering the patches in an effort to distribute their malware.

Researchers Reproduce Exploit Used in Kaseya Hack (07.07.2021) – Researchers have reproduced the exploit used in the Kaseya hack, just as the company’s CEO downplayed the impact of the attack.

Swedish Supermarket Closed by Kaseya Cyberattack (07.06.2021) – Most of the 800 shops of Swedish supermarket chain Coop were closed as a result of the Kaseya attack.

Hackers Demand $70 Million as Kaseya Ransomware Victim Toll Nears 1,500 Firms (07.06.2021) – The attack impacted up to 1,500 organizations, but Kaseya claimed there was no evidence of malicious modifications to product source code. The vendor is working on patching the zero-day vulnerability exploited in the attack.

Scale, Details of Massive Kaseya Ransomware Attack Emerge (07.05.2021) – More information comes to light regarding the attack on Kaseya, including the ransom demand, the number of impacted organizations.

IT Software Firm Kaseya Hit By Supply Chain Ransomware Attack (07.03.2021) – Kaseya is urging users of its VSA product to immediately shut down servers to prevent them from being compromised in a widespread ransomware attack.

Useful Resources

Compromise detection tool from Kaseya

Incident overview and technical details from Kaseya

Security notice from Kaseya (regularly updated)

Detailed analysis of the attack by Huntress

Detailed analysis of malware delivery by Sophos

CISA-FBI guidance for MSPs and their customers

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.