In July, the ransomware group REvil, aka Sodinokibi, attacked managed service providers (MSPs) and their customers around the world in a major cyberattack, making thousands of companies potential victims of ransomware. Kaspersky researchers have already observed over 5.000 infection attempts in Europe, North and South America.
With its own Threat Intelligence Service, Kaspersky was able to identify more than 5.000 attempted attacks by the ransomware-as-a-Service (RaaS) operator REvil in 22 countries. Most of the attack attempts were made in the following five countries:
- Italy (45,2 percent)
- USA (25,9 percent)
- Colombia (14,8 percent)
- Germany (3,2 percent)
- Mexico (2,2 percent)
Vladimir Kuskov, Head of Threat Exploration at Kaspersky, comments on the attack as follows
“After the attacks, including on Colonial Pipeline and JBS, ransomware groups and their partners continue to increase their efforts with regard to high-profile attacks. This time around, REvil operators carried out a massive attack on MSPs with thousands of managed companies around the world, infecting them as well. This attack shows once again how important it is for companies to implement suitable cybersecurity measures and solutions at all levels - including suppliers and partners. "
Kaspersky products detect and protect against this threat with the following names:
- UDS: DangerousObject.Multi.Generic
- Trojan-Ransom.Win32.Gen.gen
- Trojan-Ransom.Win32.Sodin.gen
- Trojan-Ransom.Win32.Convagent.gen
- PDM: Trojan.Win32.Generic (with behavior detection)
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/