TTPwire Vol. 1 · MITRE ATT&CK · Tagged


Huntress

Huntress VSA Vaccine | Huntress

2021-07-13

ATT&CK techniques detected

6 predictions

T1486 Data Encrypted for Impact (94%)
"Huntress VSA Vaccine | Huntress. July 2, 2021 was one of the more complex and successful ransomware attacks in recent memory. As we've learned, REvil performed a sophisticated, timed attack on Kaseya VSA servers to distribute Sodinokibi ransomware out to clients and remove trace…"

T1486 Data Encrypted for Impact (94%)
"About two hours after the ransomware incidents started, we were alerted to the payload that was used, obfuscated as "Kaseya VSA Agent Hot-fix": our ThreatOps and engineering teams reviewed the payload and were able to pull out some bits of information that would eventually l…"

T1486 Data Encrypted for Impact (75%)
"…executable doesn't prevent that executable from running, but it changes the hash which may be used in automated detection platforms to detect its use. 3. c:\windows\cert.exe -decode c:\kworking\agent.crt c:\kworking\agent.exe using the modified but legitimate…"

T1204.002 Malicious File (74%)
"…t something we took lightly. However, we saw what felt like an opportunity to help in the time of a crisis, and we knew the vaccine wouldn't cause any damage. Because of this, we acted fast and pushed it out to our partners. The vaccine was initially pushed out before 1830 ET t…"

T1204.002 Malicious File (51%)
"…make another version of the agent.exe text file. • • • Hopefully, this update helps contribute to the efforts of cybersecurity researchers so we can all be more prepared for the next event. If you need assistance, even if you're not a current Huntress partner, please contact…"

T1080 Taint Shared Content (36%)
"Huntress VSA Vaccine | Huntress. July 2, 2021 was one of the more complex and successful ransomware attacks in recent memory. As we've learned, REvil performed a sophisticated, timed attack on Kaseya VSA servers to distribute Sodinokibi ransomware out to clients and remove trace…"

Summary

In this blog, we share details on the vaccine Huntress deployed to our partners to protect them from being infected by the Kaseya VSA ransomware attack.