Kaseya Ransomware Attack – REvil Exploits 0-Day Vulnerability in Java Runtime Environment (JRE)


REvil uses 0-Day in Kaseya Ransomware Attack: REvil, an unknown attacker, has been able to exploit a vulnerability in the Java Runtime Environment (JRE) to execute a ransom-themed malware called “Binj”. This malicious application was introduced in a new version of REvil that has been used in several recent Kaseya ransomware attacks.

Binj is not a new technique, and has been publicly known for quite some time, but it is a new vector of attack and the first attack that Kaseya ransomware has used in the 2 months since the Kaseya ransomware attack in May. Binj was introduced by Kaseya ransomware’s authors, and it is extremely interesting to note that REvil used this same technique during at least Kaseya Ransomware’s recent 2-month-long campaign.

Binj is an extremely sophisticated ransom-themed malware, and it was created not only to pay for the ransomed data but also to avoid detection because of the nature of it all – a sophisticated ransom-themed malware. Binj is not only successful at not being detected by antivirus and ransomware software, but also effective at doing harm to the system, by making it more difficult for the user to get online again.

Binj is more powerful than the malware that Kaseya ransomware used in 2016, because it has been designed to send an email with the data about the victim’s Kaseya ransomware attack (and other types of ransom attacks) to a victim’s email address. This email is believed to be the ransom demand email that Kaseya ransomware’s authors are known to send to their victims. The email is meant to be a fake email for the victim in this case, and it is important to note that it is extremely difficult to catch a genuine email as part of a Kaseya ransomware attack, because the ransom demand email is almost always sent to a different email address. Most antivirus companies will not detect this email and will allow the ransom demand email to come through regardless of whether it was a genuine or fake email.

The REvil ransomware gang and the Kaseya Zero Day vulnerability

The REvil ransomware gang was once thought to be one of the most sophisticated cyber attacks ever, but experts have identified a new ‘major’ Ransomware attack that may be the next in a series of ‘major’ ransomware attacks that began last summer. Kaseya Zero Day has demonstrated serious vulnerabilities in a variety of malware on Microsoft’s Windows operating system that have only become apparent since the ransomware was first publicly released.

“The REvil ransomware gang was once thought to be one of the most sophisticated cyber attacks ever, but experts have identified a new ‘major’ Ransomware attack that may be the next in a series of ‘major’ ransomware attacks that began last summer. Kaseya Zero Day has demonstrated serious vulnerabilities in a variety of malware on Microsoft’s Windows operating system that have only become apparent since the ransomware was first publicly released. We believe that the REvil gang has continued its pattern of cyber theft, and that the attacks themselves are now part of a new, more coordinated wave of attacks,” said Kaseya’s chief security officer, Rob Felt, in a blog post published at the end of August.

“Once the cyber criminals have gained enough victims to pay the ransom, the attackers will be able to force the victims to pay the ransom by hacking the systems of other victims. This is a major step towards more extensive RCEs. The only question is, who will they target first?” he added.

The vulnerabilities in Kaseya, including the Zero Days and Kaseya Zero Day zero day vulnerabilities, have now been identified by Kaseya Zero Day and are being widely reported by various sites and news outlets across the world.

In early September, Kaseya Zero Day began issuing a series of regular advisories that detailed its security vulnerability database. The advisory covered a range of security issues, including the possibility of remote code execution, but highlighted more worrying vulnerabilities for hackers who use the technology.

The Kaseya Zero Day vulnerabilities have now become an ‘established’ Ransomware threat, and the attacks are now being referred to as ‘major’ Ransomware attacks.

How Do I Know The PoC?

In my previous blog post, I described what a PoC is and how you can use a PoC scanner to help you find and remove any known bad software. Today, I’d like to share two more pieces of information that can be used to help you determine if it’s safe to install the software you’re about to purchase.

In short, “PoC” stands for “Pre-Certification of Software”. This is a tool that’s used to verify a software’s cryptographic signatures before you download the software. The idea behind this is that if the software is signed with a known valid certificate, then you should be comfortable that there are no known bugs that would leave the software open to compromise.

But what does this mean for the software that you’re downloading? If the software has already been tested by certified software developers, then you should be confident that it’s not unsafe. You can also use a PoC scanner to help you determine if the software you’re buying is safe to download.

Now, let’s go ahead and find out if there is malware in the software that you’re about to download.

First, it’s important to understand what malware is and how to use a PoC scanner to look for malware in the software you’re purchasing. Malware is software that’s malicious and designed to harm computer users.

Update on Kaseya VSA servers

I just made a few updates on the Kaseya VSA (virtual private server) software running on vSphere 5. Some of the previous articles that discuss the VSA have been deleted, as this is only just a security release of the software as a whole. It does provide an updated list of Kaseya products in the product tree, but the software still supports VSA (virtual server add-on), and the virtual server product line in general. But, Kaseya is not the only game in town for VSA support, and it does not address all the problems that have been encountered for VSA support, as some of the issues have been fixed or in some cases there’s no solution for them. The latest issue that has been reported is an outdated support ticket that was created in 2012, yet there is still no current status for that.

The first thing that needs to be mentioned is that the Kaseya VSA has been in production for over a decade. There is no shortage of IT pros who have access to a virtual private server – it is easy to purchase one for less than $50,000. However, the Kaseya VSA is not a ‘plug and play’ solution. If a person has any previous issues with VSA, then the software will detect that and report that to the user. But if someone has the Kaseya VSA already installed, then they are only required to configure the Kaseya VSA. No other configuration is necessary. The Kaseya VSA is used on a variety of virtual servers, but this is not true for all virtual servers, as there are some vendors who only support certain versions of the VSA.

Also, VSA uses a different kind of virtual server that uses different capabilities, so they are not the same as the ‘classic’ server. There are many different virtual servers using this approach, such as VMware vSphere, Citrix XenDesktop, virtual servers that are created with Microsoft’s Hyper-V, or using HP’s virtual servers.

The Kaseya VSA software is an install and enable software that is only needed if you have VSA and want a guest or full server. You can use it with a standard server that has a virtual server add-on already installed.
