The Week in Ransomware - July 2nd 2021 - MSPs under attack


Ransomware news has been steady this week with new tactics, decryptors, the return of ransomware gangs, and likely the largest single ransomware attack in history conducted Friday afternoon.


Friday afternoon, the REvil ransomware gang used a zero-day vulnerability in the Kaseya VSA management software to encrypt MSPs and their customers worldwide.


While Kaseya states that only 40 MSPs were affected, each MSP could potentially have thousands if not millions of individual business customers, making this the most significant ransomware attack ever conducted.


No information about the VSA vulnerability has been released at this time. However, our article about REvil's attack on Kaseya includes detailed information on how REvil conducted the attack, including IOCs.


One of the first businesses reporting they were affected by the attack is Coop, one of the largest supermarket chains in Sweden.


This week's other news of interest is the return of the Babuk ransomware operation, which previously shut down after publishing the stolen data of Washington DC's Metropolitan Police Department.


We also saw an older version of the Babuk Ransomware build leaked online and used by other threat actors to perform their own cyberattacks.


Finally, a sample of the new REvil Linux encryptor used to encrypt ESXi virtual machines was found, TrickBot is using a  ransomware under attack