{"id":2727,"date":"2021-07-04T15:33:09","date_gmt":"2021-07-04T13:33:09","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=2727"},"modified":"2026-06-08T22:59:20","modified_gmt":"2026-06-08T22:59:20","slug":"ransomware-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/emerging-threats\/ransomware-supply-chain-attack\/","title":{"rendered":"Ransomware and Supply Chain Attack"},"content":{"rendered":"\n<div class=\"wp-block-media-text alignwide\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2021\/07\/image-1024x456.png\" alt=\"\" class=\"wp-image-2729\" loading=\"lazy\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p class=\"has-large-font-size wp-block-paragraph\">A ransomware attack compromised <a href=\"https:\/\/www.kaseya.com\/potential-attack-on-kaseya-vsa\/\" class=\"ek-link\">Kaseya<\/a>, a software company providing IT management and support services delivered through the managed service provider (MSP) model. Following the pattern observed during the SolarWinds incident, the threat actors targeted the software vendor by injecting malicious code into a fraudulent product update.<\/p>\n<\/div><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">By compromising Kaseya, the attackers gained access to the networks of all customers. This category of attack is known as a &#8220;<strong>Supply Chain Attack<\/strong>&#8221;.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">U.S. President Joe Biden addressed the cyber incident, stating: &#8220;Initial assessment suggested it was not the Russian government, but we are not certain&#8221;.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Impact Assessment<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This ransomware attack resulted in operational disruption affecting at least a dozen IT support firms relying on Kaseya&#8217;s remote management tool. 
In at least one case, threat actors demanded a ransom of <strong>5 million dollars<\/strong>. Estimates indicate approximately 1 000 small and medium-sized enterprises were impacted by the attack.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Malware analysis conducted by security firm Emsisoft attributed the payload to REvil, the ransomware operation that U.S. officials have linked to the JBS Foods compromise.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Technical Intelligence<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The ransomware variant deployed for system encryption is REvil. The following technical indicators and IOCs have been associated with this campaign and are tracked through <a href=\"https:\/\/fortgale.com\/en\/cybersecurity-advisory\/\">Cybersecurity Advisory<\/a> channels.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">File names associated with compromise:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">c:\\kworking\\agent.exe\nC:\\kworking\\agent.crt<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">File hashes:<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Convergence of ransomware and supply-chain compromise: amplification mechanics, downstream propagation and defensive priorities for vendors and customers alike.<\/p>\n","protected":false},"author":1,"featured_media":1618,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[39,196,283,3223,3253,3252],"class_list":["post-2727","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emerging-threats","tag-attack","tag-kaseya","tag-ransomware","tag-supply-chain-attack","tag-third-party-risk","tag-vendor-risk"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2727","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=2727"}],"version-history":[{"count":1,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2727\/revisions"}],"predecessor-version":[{"id":9891,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2727\/revisions\/9891"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=2727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=2727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=2727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}