Supply chain
CISA / NCSC / Wikipedia / Varonis
Primary Source
Incident Details
Over the July 4th weekend of 2021, the REvil ransomware gang exploited a zero-day SQL injection and authentication bypass (CVE-2021-30116) in Kaseya VSA endpoint management software. The attackers delivered malicious auto-updates to managed service providers (MSPs), who then pushed the ransomware to their downstream customers. More than 1,500 companies across 17 countries were encrypted. Those affected included the Swedish Coop supermarket chain (800 stores closed), New Zealand kindergartens, and Romanian public administration. REvil demanded $70M for a universal decryptor (later reduced to $50M). Yaroslav Vasinskyi was arrested, convicted in 2024, and sentenced to 13+ years.
Technical Details
- Initial Attack Vector: CWE-89: SQL Injection in Kaseya VSA web interface (zero-day)
- Vendor / Product: Kaseya VSA
- Software Package: Kaseya VSA
- Malware Family: REvil / Sodinokibi
- CVE / GHSA References: CVE-2021-30116
- Supply Chain Attack: Confirmed third-party / vendor compromise
Timeline
- 2021-07-02 Breach occurred
- 2021-07-02 Publicly disclosed
- 2021-07-03 Customers notified