Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack
Yesterday Sophos and Huntress Labs identified that Kaseya, a remote management provider popular with MSPs, was compromised to deploy a supply chain ransomware attack. A large number of organisations were impacted, including the temporary closure of 800 stores at the CoOp supermarket chain in Sweden.
We have provided a number of resources on our GitHub that may help Digital Forensics and Incident Response experts responding to these attacks over the weekend:
- Forensic Analysis and Reporting
- Malware Samples
- Decompiled Malware Samples (via retdec)
- PCAP of network traffic captured from an infected system
- Indicators of Compromise and Yara Rules
- Configuration and Ransomware Note
- Full disk captures from an infected system (See Releases)