Kaseya fixes VSA. REvil disappears. Facebook takes down Iranian hacking campaign.
Kaseya fixes VSA (and the US wants Russian action against REvil).
Kaseya this past Sunday afternoon pushed fixes for VSA’s on-premises and SaaS versions. At 8:00 AM the company’s update indicated that patching was proceeding quickly:
“As posted in the previous update we released the patch to VSA On-Premises customers and began deploying to our VSA SaaS Infrastructure prior to the 4:00 PM target. The restoration of services is now complete, with 100% of our SaaS customers live as of 3:30 AM US EDT. Our support teams continue to work with VSA On-Premises customers who have requested assistance with the patch.”
The general consensus is that REvil operates with at the least the knowledge of, and probably with the tacit approval and encouragement, of the Russian government. The joint enforcement action the US has requested of Russia has not materialized, GovInfoSecurity notes. Moscow is standing on ceremony as it expresses its commitment to the rule of law (as the Register puts it, “with a straight face”) but so far there are few if any signs of Russian authorities taking action against the gangs that operate with impunity from its territory.
In an hour-long phone call on Friday, July 9th, US President Biden communicated his expectations concerning ransomware operations to Russian President Putin. Reuters reports that in President Biden’s estimation the call “went well,” and that he expects Russian cooperation against gangs like REvil. Should expected Russian cooperation not be forthcoming, President Biden said the US was prepared to take certain actions on its own. He and Administration officials declined to say what such actions might be. At the White House daily press conference on Friday, Press Secretary Psaki said President Biden “underscored the need for President Putin to take action to disrupt these ransomware groups.”
The CyberWire’s coverage of the incident so far may be found here:
REvil disappears.
REvil’s disappearance early Tuesday morning from its usual online haunts (including the HappyBlog) remains unexplained. The New York Times and others note that the vanishing followed a US request that Russia do something about ransomware gangs operating from its territory, but it’s…