Kaseya Ransomware Attack - 5 Key Insights into this Malware campaign

On 2nd July 2021 a ransomware variant known as REVil (also known as SODINOKIBI) infected the systems of multiple businesses due to a compromise of Kaseya's VSA (Virtual System Administrator) platform. This is a remote monitoring and management platform used across Managed Service Providers (MSPs) who manage IT infrastructure on behalf of their clients.

In this video I share 5 key insights into this malware campaign, including 1 which may save you from paying the ransom and lead you to recover your files.

MALWARE SAMPLE
================
https://malshare.com/sample.php?action=detail&hash=561cffbaba71a6e8cc1cdceda990ead4
https://malshare.com/search.php?query=8dd620d9aeb35960bb766458c8890ede987c33d239cf730f93fe49d90ae759dd

LINKS
=====
https://www.bbc.co.uk/news/technology-57707530
https://www.goggleheadedhacker.com/blog/post/sodinokibi-ransomware-analysis#reg-key-creation
https://www.secureworks.com/research/revil-sodinokibi-ransomware
https://www.ubackup.com/windows-10/shadow-copy-windows-10-4348.html
https://twitter.com/fwosar/status/1411281334870368260
https://gist.github.com/fwosar/a63e1249bfccb8395b961d3d780c0354
https://www.bleepingcomputer.com/download/shadowexplorer/
https://www.youtube.com/watch?v=XfAyutRfy2A

https://github.com/cybercdh/hacks/blob/master/checkdomain/checkdomain.go

PATREON
========
If you like my work you can support me on Patreon where you can get access to my Video notes and analysis and also 'My Most Interesting' where I share relevant takes on what's hot in the industry.

https://www.patreon.com/cybercdh

If you liked the video, hit the thumbs up. If you loved it, please SUBSCRIBE for more.

CONNECT
========
As well as SUBSCRIBING here, please consider following me on Twitter
https://twitter.com/cybercdh

Peace!

Colin

Видео Kaseya Ransomware Attack - 5 Key Insights into this Malware campaign канала cybercdh