A Statement on the Kaseya Ransomware Attack

Just before US offices closed for the Fourth of July holiday, the MSP vendor Kaseya was hit by a huge ransomware attack. The organization behind the attack is REvil, a Russian-linked Ransomware-as-a-Service operation that first surfaced in May 2020. In 2021, they have been attached to a number of high-profile attacks. This breach is still ongoing, but we want to alert our customers to the actions that we have taken at DNSFilter to best secure our customers. 

We want to reiterate that if you are a Kaseya customer to follow their advice:

“Our guidance continues to be that users follow Kaseya’s recommendation to shut down VSA servers immediately, to adopt CISA’s mitigation guidance, and to report if you have been affected to the IC3.”

Initial Domain Flagged

At 3:56 p.m. ET on July 2, DNSFilter categorized the first known URL as malware after it was first posted at roughly 3:19 p.m. ET: decoder[dot]re

Prior to our categorization of this domain, there was no traffic to this domain on our network.

Config file with over 1,000 domains disclosed

Early on July 3, a config file was released for the Kaseya attack that included a list of over 1,200 command and control domains. As of 3:58 a.m. ET on July 3, DNSFilter is categorizing all of these domains as malicious.

To ensure you’re protected from these domains sending DNS queries from your system, ensure you have the following DNS threat protection in place (at a minimum) on our network:

block dns threats


As more information is released or we have additional updates related to actions we are taking at DNSFilter to protect our customers, we will update this blog post.

Update on July 9, 2021: We have shared more information about the CNC domains used in the Kaseya ransomware attack.

Search
  • There are no suggestions because the search field is empty.
Latest posts
The Differences Between DNS Security and Protective DNS The Differences Between DNS Security and Protective DNS

When researchers talk about DNS security, they often refer to anything that protects DNS infrastructure. Although protective DNS and DNS security fall under the cybersecurity umbrella, protective DNS takes a different approach to cybersecurity than standard DNS security. Both security strategies are important for the stability of your business, but protective DNS reduces risks from your weakest link–human error. Protective DNS is critical for you...

Cisco Umbrella RC End-of-Life: What You Need to Know Cisco Umbrella RC End-of-Life: What You Need to Know

The impending Cisco Umbrella RC End-of-Life has many Umbrella users concerned about their next steps and questioning which protective DNS solution might be able to fill the gap for their organization.

Cybersecurity Briefing | A Recap of Cybersecurity News in October 2023 Cybersecurity Briefing | A Recap of Cybersecurity News in October 2023

Industry State of the Art

This month there was a high level of focus on compliance issues spanning several focus areas from governments and oversight agencies around the world.  And while there were actions taken with regard to specific vulnerabilities, a larger spotlight was placed on bigger picture security considerations in a more general context.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.