Cyber Resilience

Kaseya VSA mass ransomware (REvil) (KASEYA-2021)

Supply-chain compromise · disclosed 2021-07-02 · region: US · primary attribution: MISP-24bd9a4b

Sectors touched: Software Publishers

REvil exploited a zero-day in Kaseya VSA RMM software to push ransomware to ~1,500 downstream MSP customers — among them Coop (Sweden) which closed ~800 grocery stores for days. The July 4 timing maximised disruption.

Supply-chain flow

ATTACKERCOMPROMISED VENDORDOWNSTREAM VICTIMSMISP-24bd9a4bMISP-24bd9a4bKaseyaKaseya~1,500 MSP customers~1,500 MSP customers

Trojanised Kaseya reached ~1,500 MSP customers downstream.

Named victims

CVEs linked to this incident

Linked sources

This canonical entry pulls together coverage from the other data layers — curated narrative above; raw sources below.

Sources

« All landmark incidents  ·  All actors  ·  All victims