• Language chooser
    • USA (English)
    • France (Français)
    • Italy (Italiano)
    • Latin America (Español)
    • Brazil (Portugués)
    • Germany (Deutsch)
    • Korea (한국어)
    • Japan (Beta) (日本語)

REvil Ransomware

Released: Jul 08, 2021

High Severity

Ransomware Type

Targeting the Kaseya VSA Vulnerability

A recent high profile exploit involing Kaseya VSA product was linked to the REvil ransomware. This report summarizes the Fortinet Security Fabric coverage for the REvil ransomware itself. Refer to the separate report for more detail about the Kaseya vulnerability. Learn More »


Kaseya is a high profile outbreak, with information still pending to be released regarding the initial vulnerability that was compromised. REvil is a known ransomware group/family that has been used in the past, and is part of existing security coverage by multiple Fortinet security products. Recently, it has been used by attackers targeting the high profile Kaseya VSA vulnerability, to demand ransom from many global organizations including MSPs who represent many hundred or thousand customers underneath. This report focusses specifcally on the REvil ransomware protection and IOC detections by the Security Fabric products.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

July 5: REvil ransomware gang takes credit for the Kaseya attack -

Refer to the Kaseya timeline for the latest status of the on-premise patch and restoration of their SaaS service:

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

  • AV

  • AV (Pre-filter)

  • Behavior Detection

  • Post-execution

  • Outbreak Detection

  • IOC

  • Threat Hunting

  • Assisted Response Services

  • Automated Response

  • NOC/SOC Training

  • End-User Training

  • Attack Surface Hardening

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

Loading ...

Indicators of compromise Indicators of compromise
IOC Threat Activity

Last 30 days


Avg 0


Sources of information in support and relation to this Outbreak and vendor.