Update on REvil's exploitation of Kaseya VSA.
Kaseya has completed addressing the three vulnerabilities REvil exploited at the beginning of the month. (Threatpost summarizes the fixes, and IGI places them in perspective.) Customers continue what Venture Beat calls their "long slog to recovery."
The general consensus is that REvil operates with at least the knowledge, and probably the tacit approval and encouragement, of the Russian government. The joint enforcement action the US has requested of Russia has not materialized, GovInfoSecurity notes. Moscow is standing on ceremony as it expresses its commitment to the rule of law (as the Register puts it, "with a straight face"), but so far there are few if any signs of Russian authorities taking action against the gangs that operate with impunity from its territory.
We conclude our special coverage of REvil today, but will reopen it as developments require. The CyberWire's coverage of the incident so far may be found here:
- The Kaseya ransomware attack: history and industry reaction (7.6.21).
- Developments in the Kaseya ransomware attack: recovery and response (7.7.21).
- Kaseya: assessment and lessons learned (7.8.21).
- REvil and Kaseya: response and recovery (7.9.21).
- Kaseya fixes VSA, and the US calls for Russian action against REvil (7.12.21).