Outbreak Alert

REvil Ransomware

Released: Jul 08, 2021

High Severity

Ransomware Type

Targeting the Kaseya VSA Vulnerability

A recent high profile exploit involing Kaseya VSA product was linked to the REvil ransomware. This report summarizes the Fortinet Security Fabric coverage for the REvil ransomware itself. Refer to the separate report for more detail about the Kaseya vulnerability. Learn More »

Common Vulnerabilities and Exposures

CVE-2021-30116
CVE-2021-30119
CVE-2021-30110
CVE-2019-19781
CVE-2019-11510
CVE-2019-11539
CVE-2018-13379

Background

Kaseya is a high profile outbreak, with information still pending to be released regarding the initial vulnerability that was compromised. REvil is a known ransomware group/family that has been used in the past, and is part of existing security coverage by multiple Fortinet security products. Recently, it has been used by attackers targeting the high profile Kaseya VSA vulnerability, to demand ransom from many global organizations including MSPs who represent many hundred or thousand customers underneath. This report focusses specifcally on the REvil ransomware protection and IOC detections by the Security Fabric products.

Threat Radar Overall Score:

	CVSS Rating	10.0
	FortiRecon Score	96/100
	Known Exploited	Yes
	Exploit Prediction Score	97.54%
	FortiGuard Telemetry	3

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

July 5: REvil ransomware gang takes credit for the Kaseya attack -
https://gizmodo.com/revil-gang-takes-credit-for-massive-kaseya-attack-and-a-1847232663

Refer to the Kaseya timeline for the latest status of the on-premise patch and restoration of their SaaS service:
https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

PROTECT

AV
AV (Pre-filter)
Behavior Detection
Post-execution

DETECT

Outbreak Detection
IOC
Threat Hunting

RESPOND

Assisted Response Services
Automated Response

RECOVER

NOC/SOC Training
End-User Training

IDENTIFY

Attack Surface Hardening

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

Loading ...

References

Sources of information in support and relation to this Outbreak and vendor.

Medium.com

Learn More »

About FortiGuard Outbreak Alerts

Learn More »

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners