Fake Windows Update Targets Kaseya Ransomware Victims

While the companies hit by the ransomware attack on the American company Kaseya are struggling to recover, hackers have decided to target them with a new campaign of malicious emails. The emails claim to offer a fix for the vulnerability in Kaseya’s software. In fact, they contain other malware.

Clearly, the bad luck continues. As you may know, hackers carried out one of the largest cyber attacks in history against Kaseya, an American company specializing in the development of network management software. By exploiting a flaw in one of Kaseya’s most widely used software products, the hackers were able to push ransomware to a huge number of machines.

In the end, the operation affected thousands of companies (clients of Kaseya) around the world, such as the Swedish retail chain Coop, which had to close its stores after the cyber attack. Its checkout system was blocked by the well-known ransomware deployed by the Russian hacker group REvil. And while the hackers are still waiting for the 70 million dollars in Bitcoin they have demanded, the US authorities are continuing their investigation.

#Redlinestealer using #Covenant framework. https://t.co/cm82KT8HSX

C2: qwerty[.]3eehj3wdhdhjww3r3dkjd[.]online pic.twitter.com/BVvx8nd6x4

— Malwarebytes Threat Intelligence (@MBThreatIntel) July 7, 2021

KASEYA RANSOMWARE VICTIMS TARGETED BY ANOTHER ATTACK

For their part, the affected companies are struggling to regain control of their computer systems, access to which is now blocked by ransomware. But this was evidently not enough in the eyes of another group of hackers, who have just launched a new campaign of malicious emails against the ransomware victims.

Discovered by Malwarebytes’ security researchers, this new campaign claims to offer a fix for the flaw in Kaseya’s software in the form of a Windows update. In reality, these emails carry an attachment containing Cobalt Strike, a platform that gives hackers a point of entry into a system from which to deliver malicious payloads.

“Guys, please install the Microsoft update to protect you from ransomware as soon as possible. This update addresses a vulnerability against Kaseya,” reads the malicious email. For the time being, the identity of the group of hackers responsible for this campaign is not known. As a reminder, the United States has hardened its ransomware policy. The US authorities consider these cyber-attacks to be terrorism, and their perpetrators may therefore be subject to similar sanctions (life imprisonment or the death penalty, depending on the state).
