Researchers at Malwarebytes say they found an email, purporting to have come from Microsoft, that poses as a patch for the Kaseya attack but contains a malicious link and an attachment.
Florida-based IT firm Kaseya was hit by a ransomware attack earlier this month affecting nearly 1,500 businesses in multiple countries. Hackers demanded $70 million in payment to restore the data in what was called the biggest ransomware attack on record.
Now, researchers at Malwarebytes say they found an email, purporting to have come from Microsoft, that poses as a patch for the Kaseya attack but contains a malicious link and an attachment. It urges users to install the update to fix the vulnerability. The email is styled as a reply within an existing email thread, to make users believe that the message is from a genuine source.
It reads, “Guys, please install the update from Microsoft to protect against ransomware as soon as possible. This is fixing a vulnerability in Kaseya.”
On further investigation, the Malwarebytes team found that the payload is hosted at the same IP address used in another malspam campaign that was pushing Dridex, a known information stealer.
While Kaseya has released a patch for the flaws exploited by REvil, it advised that all companies should get patches straight from the vendor.