{
	"id": "390cefdc-25a3-4751-8268-b928a175c371",
	"created_at": "2026-04-10T03:21:47.200284Z",
	"updated_at": "2026-04-10T03:22:18.982967Z",
	"deleted_at": null,
	"sha1_hash": "51e24ef7340343d12d722cb136a885738988f6cf",
	"title": "Kaseya supply chain attack delivers mass ransomware event to US companies",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 808080,
	"plain_text": "Kaseya supply chain attack delivers mass ransomware event to US\r\ncompanies\r\nBy Kevin Beaumont\r\nPublished: 2021-07-05 · Archived: 2026-04-10 03:11:05 UTC\r\n8 min read\r\nJul 2, 2021\r\nKaseya VSA is a commonly used solution by MSPs — Managed Service Providers — in the United States and\r\nUnited Kingdom, which helps them manage their client systems. Kaseya’s website claims they have over 40,000\r\ncustomers.\r\nFour hours ago, an apparent auto update in the product has delivered REvil ransomware.\r\nBy design, it has administrator rights down to client systems — which means that Managed Service Providers\r\nwho are infected then infect their client’s systems.\r\nInfected systems look like this:\r\nPress enter or click to view image in full size\r\nhttps://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b\r\nPage 1 of 2\n\nHow this first unfolded\r\nInitial entry was using a zero day vulnerability in Kaseya VSA. This was CVE-2021–30116 (details have not been\r\nentered into CVE database, however it has been allocated for this). More CVEs may be issued.\r\nSo even if the latest version is used, at time of attack, attackers could remotely execute commands on the VSA\r\nappliance. Technical details of how to exploit the vulnerability are not being provided until the patch is available.\r\nIt is not a great sign that a ransomware gang has a zero day in product used widely by Managed Service Providers,\r\nand shows the continued escalation of ransomware gangs — which I’ve written about before.\r\nSource: https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b\r\nhttps://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b"
	],
	"report_names": [
		"kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b"
	],
	"threat_actors": [],
	"ts_created_at": 1775791307,
	"ts_updated_at": 1775791338,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/51e24ef7340343d12d722cb136a885738988f6cf.pdf",
		"text": "https://archive.orkl.eu/51e24ef7340343d12d722cb136a885738988f6cf.txt",
		"img": "https://archive.orkl.eu/51e24ef7340343d12d722cb136a885738988f6cf.jpg"
	}
}