{"id":1704,"date":"2021-07-05T07:24:50","date_gmt":"2021-07-05T07:24:50","guid":{"rendered":"https:\/\/www.attack-secure.com\/?p=1704"},"modified":"2023-01-09T11:16:49","modified_gmt":"2023-01-09T11:16:49","slug":"huge-supply-chain-attack-affects-200-msps-with-revil-ransomware","status":"publish","type":"post","link":"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/","title":{"rendered":"Huge supply chain attack affects 200 MSP&#8217;s with REvil ransomware"},"content":{"rendered":"\n<p>On Friday, many managed service providers (MSPs) started experiencing potential attack and it was confirmed to be a ransomware attack via Kaseya VSA that was exploited using a supply-chain attack. The ransomware was confirmed to be REvil ransomware, also known as Sodinokibi ransomware. This ransomware was targeted towards MSPs and has found to have exploited the zero day vulnerability in Kaseya VSA.<\/p>\n\n\n\n<p><strong>Kaseya VSA is a remote monitoring and management (RMM) tool<\/strong> that has been used by IT departments and MSPs for remotely monitoring their employees and client devices respectively. The features include remote access, patch management, server\/endpoint management and more. It has been a very popular tool in the MSP community just like how Solarwinds was.<\/p>\n\n\n\n<p>Meanwhile, the Huntress team is active on <a href=\"https:\/\/www.reddit.com\/r\/msp\/comments\/ocggbv\/crticial_ransomware_incident_in_progress\/\" target=\"_blank\" rel=\"noreferrer noopener\">Reddit<\/a> updating the MSP community above the attack and how Kaseya VSA users have been the victim of this attack. Also claims to have proof that Kaseya VSA is the entry point of the attack, as their clients have been impacted by this attack and around 200 businesses data have been encrypted through their three partners.<\/p>\n\n\n\n<p>On the other hand, Kaseya <a href=\"https:\/\/helpdesk.kaseya.com\/hc\/en-gb\/articles\/4403440684689\" target=\"_blank\" rel=\"noreferrer noopener\">published a security advisory<\/a> requesting their VSA users to shutdown their server imminently to prevent the spread of the attack. And below is a gist of Kaseya&#8217;s statement,<\/p>\n\n\n\n<p class=\"has-black-color has-text-color\">&#8220;We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only as of 2:00 PM EDT today.<\/p>\n\n\n\n<p class=\"has-black-color has-text-color\">We are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you IMMEDIATELY shutdown your VSA server until you receive further notice from us.<\/p>\n\n\n\n<p class=\"has-black-color has-text-color\">Its critical that you do this immediately, because one of the first things the attacker does is shutoff administrative access to the VSA.&#8221;<\/p>\n\n\n\n<p>Kaseya shutdown their VISA servers from their side, and is now working with other security firms to handle the situation and understand what is happening with their application. A major ransoware attack happening on Friday right before the weekend, and also with July 4th coming up. Considering this would be a long weekend for most of the organization, ransomware actors have clearly planned the attack and launched it accordingly.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Modus Operandi of the attack<\/strong><\/h2>\n\n\n\n<p>Based on the statements from <a href=\"https:\/\/twitter.com\/_johnhammond\" target=\"_blank\" rel=\"noreferrer noopener\">John Hammond, Huntress<\/a> and <a href=\"https:\/\/twitter.com\/markloman\" target=\"_blank\" rel=\"noreferrer noopener\">Mark Loman, Sophos<\/a> the attack is identified to be a supply chain attack through Kaseya VSA platform.<\/p>\n\n\n\n<ul><li>As per John, Kaseya VSA drops an agent .crt file at c:\\kworking folder that is used for updating the Kaseya hot-fix.<\/li><li>Then a PowerShell command is launched to decode the .crt file and the agent.exe file will be extracted inside the same folder.<\/li><li>Later, the agent.exe file is signed with the &#8220;PB03 TRANSPORT LTD&#8221; certificate including an &#8216;MsMpEng.exe&#8217; and &#8216;mpsvc.dll&#8217;, with that DLL file being the REvil ransomware encryption.<\/li><li>This MsMpEng.exe is later used for LOLBin to launch the DLL and encrypt the device completely. There are also a few samples with modified Windows Registry keys and configurations.<\/li><li>One of the variants launches REvil in safe mode giving advanced control for encryption.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"950\" height=\"179\" src=\"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Power-Shell-to-decode-crt-file.png\" alt=\"Power Shell to decode crt file\" class=\"wp-image-1707\" srcset=\"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Power-Shell-to-decode-crt-file.png 950w, https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Power-Shell-to-decode-crt-file-300x57.png 300w, https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Power-Shell-to-decode-crt-file-768x145.png 768w\" sizes=\"(max-width: 950px) 100vw, 950px\" \/><\/figure>\n\n\n\n<ul><li>Later, the agent.exe file is signed with the &#8220;PB03 TRANSPORT LTD&#8221; certificate including an &#8216;MsMpEng.exe&#8217; and &#8216;mpsvc.dll&#8217;, with that DLL file being the REvil ransomware encryption.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"574\" height=\"717\" src=\"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/agent-exe-digital-signature-information.png\" alt=\"agent exe digital signature information\" class=\"wp-image-1708\" srcset=\"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/agent-exe-digital-signature-information.png 574w, https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/agent-exe-digital-signature-information-240x300.png 240w\" sizes=\"(max-width: 574px) 100vw, 574px\" \/><\/figure>\n\n\n\n<ul><li>This MsMpEng.exe is later used for LOLBin to launch the DLL and encrypt the device completely. There are also a few samples with modified Windows Registry keys and configurations.<\/li><li>One of the variants launches REvil in safe mode giving advanced control for encryption.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"722\" height=\"507\" src=\"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/REvil-in-safe-mode-advanced-mode.png\" alt=\"REvil in safe mode advanced mode\" class=\"wp-image-1710\" srcset=\"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/REvil-in-safe-mode-advanced-mode.png 722w, https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/REvil-in-safe-mode-advanced-mode-300x211.png 300w\" sizes=\"(max-width: 722px) 100vw, 722px\" \/><\/figure>\n\n\n\n<p>Kaseya CEO Fred Voccola has said that their organization is working on a patch to resolve the vulnerability and it will be released soon. Here&#8217;s his exact words about the security incident,<\/p>\n\n\n\n<p class=\"has-black-color has-text-color\">&#8220;While our investigation is ongoing, to date we believe that:<\/p>\n\n\n\n<p class=\"has-black-color has-text-color\">Our SaaS customers were never at-risk. We expect to restore service to those customers once we have confirmed that they are not at risk, which we expect will be within the next 24 hours;<\/p>\n\n\n\n<p class=\"has-black-color has-text-color\">Only a very small percentage of our customers were affected \u2013 currently estimated at fewer than 40 worldwide.<\/p>\n\n\n\n<p class=\"has-black-color has-text-color\">We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it for our on-premises customers that will be tested thoroughly. We will release that patch as quickly as possible to get our customers back up and running.&#8221; &#8211; Kaseya.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>REvil ransomware and their targeted attacks<\/strong><\/h2>\n\n\n\n<p>The REvil ransomware group is demanding $5,000,000 ransom to share the decryptor, and few small MSP customers have received a ransom of $44,999, this clearly shows that REvil ransomware studies the environment and based on the devices encrypted there ransom demand varies.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"603\" src=\"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/ransoming-money-1024x603.png\" alt=\"ransoming money\" class=\"wp-image-1711\" srcset=\"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/ransoming-money-1024x603.png 1024w, https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/ransoming-money-300x177.png 300w, https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/ransoming-money-768x452.png 768w, https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/ransoming-money.png 1114w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>MSP&#8217;s have always been a sweet spot for hackers as they do manage numerous devices and businesses, and any targeted attack on MSPs happens via end-to-end study of their network and software they use. REvil has a very good knowledge about the MSP space and they have been targeting MSPs for a long time now.<\/p>\n\n\n\n<p>Last year, <a href=\"https:\/\/www.compushooter.com\/alert-sodinokibi-ransomware-spreads-via-hacked-msps-sites-and-spam\/\" target=\"_blank\" rel=\"noreferrer noopener\">REvil targeted MSPs via Remote Desktop<\/a> and later orchestrated the attack using a management software to deliver ransomware to the devices they manage. On the side note REvil group members is rumored to be a part of <a href=\"https:\/\/www.kaspersky.co.in\/blog\/gandcrab-ransomware-is-back\/15352\/\" target=\"_blank\" rel=\"noreferrer noopener\">GrandCarb ransomware<\/a> and is thus known for their domain expertise and clarity of MSP&#8217;s and their management models.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How to stay immune against such Supply Chain and Ransomware Attacks?<\/strong><\/h2>\n\n\n\n<p>Supply chain and ransomware attacks are increasing in numbers in recent times as the demand for remote workforce management is growing. MSPs are needed during these remote times, and considering that the threat actors are orchestrating their attack in a very clinical way by ensuring the fix will take some time and that should be enough to wreck havoc for businesses. There are some best practices to stay immune to such attacks and we will see them one-by-one.<\/p>\n\n\n\n<ul><li>Always ensure the RMM software you own is aware of its suppliers and proper supplier confidentiality and security agreements have been signed between the properties to ensure everything is documented. Ask your RMM provider for a supply chain confidentiality document where their suppliers list has to be disclosed and updated periodically.<\/li><li>Make sure their privacy policies are clean and neat, ensure there isn&#8217;t an unnecessary third party involved in handling of your data.<\/li><li>Always patch the RMM application, and the applications\/OS it manages on time. Delayed patching is a breeding ground for ransomware attacks.<\/li><li>Always have plan B, a reactive approach to managing your organization. Disaster Recovery and Backups are the key practices that any organization should have during these unprecedented times.<\/li><\/ul>\n\n\n\n<p>Be prepared and stay secured with the right security practices, skills and tools for being the less favorite target for threat actors.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On Friday, many managed service providers (MSPs) started experiencing potential attack and it was confirmed to be a ransomware attack [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":1714,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"no-sidebar","site-content-layout":"default","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":""},"categories":[1],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Huge supply chain attack affects 200 MSP&#039;s with REvil ransomware<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Huge supply chain attack affects 200 MSP&#039;s with REvil ransomware\" \/>\n<meta property=\"og:description\" content=\"On Friday, many managed service providers (MSPs) started experiencing potential attack and it was confirmed to be a ransomware attack [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/\" \/>\n<meta property=\"og:site_name\" content=\"Attack Secure\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-05T07:24:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-09T11:16:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"720\" \/>\n\t<meta property=\"og:image:height\" content=\"340\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Isa Aliu\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Isa Aliu\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/\"},\"author\":{\"name\":\"Isa Aliu\",\"@id\":\"https:\/\/www.attack-secure.com\/#\/schema\/person\/def74576467d67533dbca8f91cb3790c\"},\"headline\":\"Huge supply chain attack affects 200 MSP&#8217;s with REvil ransomware\",\"datePublished\":\"2021-07-05T07:24:50+00:00\",\"dateModified\":\"2023-01-09T11:16:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/\"},\"wordCount\":1127,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.attack-secure.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware.jpg\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/\",\"url\":\"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/\",\"name\":\"Huge supply chain attack affects 200 MSP's with REvil ransomware\",\"isPartOf\":{\"@id\":\"https:\/\/www.attack-secure.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware.jpg\",\"datePublished\":\"2021-07-05T07:24:50+00:00\",\"dateModified\":\"2023-01-09T11:16:49+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#primaryimage\",\"url\":\"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware.jpg\",\"contentUrl\":\"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware.jpg\",\"width\":720,\"height\":340,\"caption\":\"Huge supply chain attack affects 200 MSPs with REvil ransomware\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.attack-secure.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Huge supply chain attack affects 200 MSP&#8217;s with REvil ransomware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.attack-secure.com\/#website\",\"url\":\"https:\/\/www.attack-secure.com\/\",\"name\":\"Attack Secure\",\"description\":\"Protecting you against cyber attacks!\",\"publisher\":{\"@id\":\"https:\/\/www.attack-secure.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.attack-secure.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.attack-secure.com\/#organization\",\"name\":\"TECHNUX SMC PVT LIMITED\",\"url\":\"https:\/\/www.attack-secure.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.attack-secure.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/01\/AttackSecure-1.png\",\"contentUrl\":\"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/01\/AttackSecure-1.png\",\"width\":471,\"height\":166,\"caption\":\"TECHNUX SMC PVT LIMITED\"},\"image\":{\"@id\":\"https:\/\/www.attack-secure.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.attack-secure.com\/#\/schema\/person\/def74576467d67533dbca8f91cb3790c\",\"name\":\"Isa Aliu\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.attack-secure.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/60233e8cca33021ffe2a985913ce95c6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/60233e8cca33021ffe2a985913ce95c6?s=96&d=mm&r=g\",\"caption\":\"Isa Aliu\"},\"description\":\"Isa is a security and privacy advocate with more than 10 years of writing experience under his belt. He is extremely familiar when it comes to antivirus software, VPNs, password managers, and cloud storage services. He also holds a Bachelor of Arts (BA), English Literature With Creative Writing from the University of Newcastle. Apart from being a master with words, Isa is also known for his unique ability to break down the hardest and most complicated of concepts in the simplest of languages.\",\"url\":\"https:\/\/www.attack-secure.com\/author\/isa-aliu\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Huge supply chain attack affects 200 MSP's with REvil ransomware","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/","og_locale":"en_US","og_type":"article","og_title":"Huge supply chain attack affects 200 MSP's with REvil ransomware","og_description":"On Friday, many managed service providers (MSPs) started experiencing potential attack and it was confirmed to be a ransomware attack [&hellip;]","og_url":"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/","og_site_name":"Attack Secure","article_published_time":"2021-07-05T07:24:50+00:00","article_modified_time":"2023-01-09T11:16:49+00:00","og_image":[{"width":720,"height":340,"url":"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware.jpg","type":"image\/jpeg"}],"author":"Isa Aliu","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Isa Aliu","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#article","isPartOf":{"@id":"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/"},"author":{"name":"Isa Aliu","@id":"https:\/\/www.attack-secure.com\/#\/schema\/person\/def74576467d67533dbca8f91cb3790c"},"headline":"Huge supply chain attack affects 200 MSP&#8217;s with REvil ransomware","datePublished":"2021-07-05T07:24:50+00:00","dateModified":"2023-01-09T11:16:49+00:00","mainEntityOfPage":{"@id":"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/"},"wordCount":1127,"commentCount":0,"publisher":{"@id":"https:\/\/www.attack-secure.com\/#organization"},"image":{"@id":"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware.jpg","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/","url":"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/","name":"Huge supply chain attack affects 200 MSP's with REvil ransomware","isPartOf":{"@id":"https:\/\/www.attack-secure.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#primaryimage"},"image":{"@id":"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware.jpg","datePublished":"2021-07-05T07:24:50+00:00","dateModified":"2023-01-09T11:16:49+00:00","breadcrumb":{"@id":"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#primaryimage","url":"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware.jpg","contentUrl":"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware.jpg","width":720,"height":340,"caption":"Huge supply chain attack affects 200 MSPs with REvil ransomware"},{"@type":"BreadcrumbList","@id":"https:\/\/www.attack-secure.com\/huge-supply-chain-attack-affects-200-msps-with-revil-ransomware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.attack-secure.com\/"},{"@type":"ListItem","position":2,"name":"Huge supply chain attack affects 200 MSP&#8217;s with REvil ransomware"}]},{"@type":"WebSite","@id":"https:\/\/www.attack-secure.com\/#website","url":"https:\/\/www.attack-secure.com\/","name":"Attack Secure","description":"Protecting you against cyber attacks!","publisher":{"@id":"https:\/\/www.attack-secure.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.attack-secure.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.attack-secure.com\/#organization","name":"TECHNUX SMC PVT LIMITED","url":"https:\/\/www.attack-secure.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.attack-secure.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/01\/AttackSecure-1.png","contentUrl":"https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/01\/AttackSecure-1.png","width":471,"height":166,"caption":"TECHNUX SMC PVT LIMITED"},"image":{"@id":"https:\/\/www.attack-secure.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.attack-secure.com\/#\/schema\/person\/def74576467d67533dbca8f91cb3790c","name":"Isa Aliu","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.attack-secure.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/60233e8cca33021ffe2a985913ce95c6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/60233e8cca33021ffe2a985913ce95c6?s=96&d=mm&r=g","caption":"Isa Aliu"},"description":"Isa is a security and privacy advocate with more than 10 years of writing experience under his belt. He is extremely familiar when it comes to antivirus software, VPNs, password managers, and cloud storage services. He also holds a Bachelor of Arts (BA), English Literature With Creative Writing from the University of Newcastle. Apart from being a master with words, Isa is also known for his unique ability to break down the hardest and most complicated of concepts in the simplest of languages.","url":"https:\/\/www.attack-secure.com\/author\/isa-aliu\/"}]}},"uagb_featured_image_src":{"full":["https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware.jpg",720,340,false],"thumbnail":["https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware-150x150.jpg",150,150,true],"medium":["https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware-300x142.jpg",300,142,true],"medium_large":["https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware.jpg",720,340,false],"large":["https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware.jpg",720,340,false],"1536x1536":["https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware.jpg",720,340,false],"2048x2048":["https:\/\/www.attack-secure.com\/wp-content\/uploads\/2021\/07\/Huge-supply-chain-attack-affects-200-MSPs-with-REvil-ransomware.jpg",720,340,false]},"uagb_author_info":{"display_name":"Isa Aliu","author_link":"https:\/\/www.attack-secure.com\/author\/isa-aliu\/"},"uagb_comment_info":0,"uagb_excerpt":"On Friday, many managed service providers (MSPs) started experiencing potential attack and it was confirmed to be a ransomware attack [&hellip;]","_links":{"self":[{"href":"https:\/\/www.attack-secure.com\/wp-json\/wp\/v2\/posts\/1704"}],"collection":[{"href":"https:\/\/www.attack-secure.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.attack-secure.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.attack-secure.com\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.attack-secure.com\/wp-json\/wp\/v2\/comments?post=1704"}],"version-history":[{"count":1,"href":"https:\/\/www.attack-secure.com\/wp-json\/wp\/v2\/posts\/1704\/revisions"}],"predecessor-version":[{"id":2366,"href":"https:\/\/www.attack-secure.com\/wp-json\/wp\/v2\/posts\/1704\/revisions\/2366"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.attack-secure.com\/wp-json\/wp\/v2\/media\/1714"}],"wp:attachment":[{"href":"https:\/\/www.attack-secure.com\/wp-json\/wp\/v2\/media?parent=1704"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.attack-secure.com\/wp-json\/wp\/v2\/categories?post=1704"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.attack-secure.com\/wp-json\/wp\/v2\/tags?post=1704"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}