Kaseya Ransomware Attack: Am I affected by the REvil Ransomware Hack?


The Kaseya ransomware attack has sent shockwaves through the cybersecurity industry. As hundreds of businesses discover they have been hit, people are asking whether or not they have been affected too. Details are still emerging, but here is everything we know so far about the Kaseya ransomware attack.

Am I affected by the REvil Ransomware Hack?

At the time of writing, it appears that somewhere between 1000 and 2000 businesses may have been compromised by this particular ransomware attack. The attack was focussed on a company called Kaseya, a firm that offers "managed services".

In other words, they provide tech support to firms that are too small to have their own dedicated teams. The upshot of this is that while a number of businesses have been impacted, it is less likely that individuals have been impacted in their homes. This is simply because they are unlikely to have used this company to provide tech support.

What happened?

As a managed services provider, Kaseya is responsible for providing updates to customers to keep their systems secure. But the Russian hacker group REvil (who have claimed responsibility) found a vulnerability in Kaseya's systems.

This allowed them to use Kaseya to push their malware onto the systems of those customers. Doing this enabled their malware to spread far further and faster than if they had targeted each of those businesses individually. Companies across the world were hit, ranging from supermarkets in Sweden to schools in New Zealand.

Why is the Kaseya Ransomware attack a big deal?

REvil have demanded $70 million as a ransom in exchange for a decryption key. This presents a number of issues. If they get paid, they become incredibly well resourced, and can escalate their activities even further.

And in terms of the specifics of this attack? Well, it appears to be a new type of attack which hasn't been seen before. That's according to Doug Schmidt, as quoted in the Guardian. The fact they've been able to piggyback on the systems that should have been protecting these businesses is ominous.
