Ransom Requested: $70 Million
In July, the REvil gang pulled off one of the biggest ransomware heists, exploiting a flaw in Miami-based Kaseya’s on-premises VSA remote monitoring and management tool to compromise nearly 60 MSPs, encrypt data belonging to up to 1,500 of their end-user customers, and demand ransom payments from them. The hack allowed REvil to leverage VSA’s standard functionality and deploy ransomware to customer endpoints.
The attack left more than 36,000 MSPs without access to Kaseya’s flagship VSA product for nearly 10 days as the company worked on a patch for the on-premises version of VSA and kept the more widely used SaaS version of VSA offline as a precautionary measure. REvil made the largest ransom ask of all time on July 4, demanding $70 million to provide a universal decryptor to all victims of the cyberattack.
Nineteen days after the attack, Kaseya obtained the universal decryptor key without having to pay the ransom and, with the help of Emsisoft, set about helping compromised customers unlock ransomed files. In November, the Department of Justice arrested Ukrainian Yaroslav Vasinskyi for conducting the hack and charged Russian Yevgeniy Polyanin with conspiracy to commit fraud in connection with the attack.