REvil ransomware 'supply chain' attack outbreak stems from a malicious Kaseya update

REvil ransomware has gained access to the infrastructure of Kaseya, a provider of remote management solutions.

REvil ransomware is using a malicious Kaseya update to deploy ransomware on various enterprise networks. This incident is believed to have impacted thousands of companies across the globe.

Security researchers have informed that on host systems, the ransomware disables local antivirus solutions and deploys a fake windows defender app that executes the actual ransomware binary used for encrypting victim's files.

The attack was affecting more than 1,000 businesses in a ripple effect; the attack is focused on managed service providers, but these providers offer IT services to other companies that may now be affected as well.

NPAV recommends users to keep their antivirus solutions updated and install NPAV on all of your devices to enjoy best-in-class cyber security features.

Use NPAV and join us on a mission to secure the cyber world.