{"id":41653,"date":"2021-07-07T20:55:00","date_gmt":"2021-07-07T20:55:00","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities---threats\/attacks-on-kaseya-servers-led-to-ransomware-in-less-than-2-hours\/d\/d-id\/1341496"},"modified":"2021-07-07T20:55:00","modified_gmt":"2021-07-07T20:55:00","slug":"attacks-on-kaseya-servers-led-to-ransomware-in-less-than-2-hours","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/attacks-on-kaseya-servers-led-to-ransomware-in-less-than-2-hours\/","title":{"rendered":"Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours"},"content":{"rendered":"<p><span class=\"strong black\">Automation allowed a REvil affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream companies faster than most defenders could react.<\/span><\/p>\n<p>Sometime after 14:30 UTC on Friday, July 2, network traffic combining three vulnerabilities started compromising scores of Internet-connected Kaseya Virtual System Administrator (VSA) servers hosted by managed service providers. The attackers&#8217; code synchronized to a specific time and then hibernated.<\/p>\n<p>At 4:30 p.m. UTC, all within the same second, the compromised servers woke up and ran a command script that disabled a variety of security controls and sent malicious payloads to every system managed by those servers, according to an analysis conducted by Huntress Labs. 
While security firms are still sifting through the data, reverse engineering has revealed that the attack \u2014 from the first packets exploiting dozens of VSA servers, to the deployment of ransomware on the endpoints of hundreds to thousands of MSP customers \u2014 took less than two hours.<\/p>\n<p>The speed of automation gave managed service providers and their customers only a very narrow window in which to detect attacks and block them, says John Hammond, a senior threat researcher for Huntress Labs. Companies would have to run frequent monitoring and alerts to have caught the changes, he says.<\/p>\n<p>&#8220;Unfortunately, this form of hyperactive logging and detection is rare \u2014 managed service providers often don&#8217;t have the resources, let alone the personnel to frequently monitor massive components of their software and stack,&#8221; Hammond says. &#8220;With that said, the efficacy and potential for human-powered threat hunters is never something to be left out of the equation.&#8221;<\/p>\n<p>The quick turnaround of the attack underscores the compressed timeline for defenders to respond to automated attacks. The REvil group and its affiliates, who are thought responsible for the attack, scanned for Internet-connected VSA servers and, when found, sent the initial exploit, which chained three vulnerabilities.&nbsp;<\/p>\n<p>At 14:48 UTC on Friday, July 2, the first packets started hitting on-premise Kaseya VSA servers, <a href=\"https:\/\/www.huntress.com\/blog\/rapid-response-kaseya-vsa-mass-msp-ransomware-incident\" target=\"_blank\" rel=\"noopener\">according to logs collected from affected MSPs by Huntress Labs<\/a>. The exploited flaws included an authentication bypass, an arbitrary file upload, and a command injection. 
The activity continued until the hibernating processes reactivated at 16:30 UTC, and antivirus firms suddenly started seeing spikes in detections of the ransomware payload.&nbsp;<\/p>\n<p>In the hour after the attack&#8217;s activation, between 16:30 and 17:30 UTC, antivirus firm Sophos detected a massive spike in blocked ransomware activity on its endpoints.&nbsp;<\/p>\n<p>&#8220;We started seeing telemetry immediately as the client systems started getting hit,&#8221; says Sean Gallagher, senior threat researcher at Sophos. &#8220;The telemetry spiked all at one time, in a very small time window.&#8221; After that, the attack mostly went quiet, he says.<\/p>\n<p>Because Kaseya VSA manages other systems, the software not only has higher privileges \u2014 usually administrator privileges \u2014 on other systems but also often has exclusions in place so that antivirus software does not flag its activity as malicious. The command-line script that executed at 16:30 UTC on Friday ran a PowerShell script, disabling many security measures, loading in certificates, and running a malicious executable disguised as a certificate, agent.crt.<\/p>\n<p>The final insult: The attackers installed an obsolete version of Microsoft&#8217;s antivirus program, Defender, to load the final ransomware payload.<\/p>\n<p>&#8220;It uses an antivirus product to load a virus,&#8221; Sophos&#8217; Gallagher says. 
&#8220;It dropped an obsolete version of Windows Defender that is susceptible to side-load attacks &#8230; and installs a malicious DLL [dynamic link library] that is named the same as a DLL that Windows Defender would load.&#8221; Because that was a piece of code signed by Microsoft, it would evade some malware protection because it looks like a legitimate piece of code, even though it is more than 6 years old.<\/p>\n<p>The Dutch Institute for Vulnerability Disclosure (DIVD), which had found at least one of the vulnerabilities used in the attack, <a href=\"https:\/\/csirt.divd.nl\/2021\/07\/07\/Kaseya-Limited-Disclosure\/\" target=\"_blank\" rel=\"noopener\">published more information on the issues on July 7<\/a>. The vulnerabilities were discovered in April and disclosed to Kaseya, and DIVD had worked with the company while it shored up its security and started producing patches.&nbsp;<\/p>\n<p>Overall, Kaseya has not &#8220;been slacking&#8221; and did everything that DIVD expected of them, says Victor Gevers, chairman of DIVD. The company did not have the security processes in place in April to handle the requirements of patching and incident response, but quickly ramped up, he says.<\/p>\n<p>&#8220;If you go back through the timeline, a few days after notification, they knew they needed to hire more security people, and they did,&#8221; he says. &#8220;It showed that their security posture was not up to par yet.&#8221;<\/p>\n<p>On Monday, Kaseya <a href=\"https:\/\/www.kaseya.com\/potential-attack-on-kaseya-vsa\/\" target=\"_blank\" rel=\"noopener\">estimated that fewer than 60 customers<\/a>, each using the on-premises version of the VSA server, had been affected, with fewer than 1,500 total downstream businesses affected. In interviews, security experts expected that number to rise.&nbsp;<\/p>\n<p>As of 8 a.m. 
ET on July 7, Kaseya continued to have problems patching the issue and has delayed rolling out a fix to on-premises customers.<\/p>\n<p>While the attackers claim that more than a million endpoints were encrypted by the ransomware, the number is likely overblown, say security experts. However, many companies have suffered disruption due to the attack. The Swedish grocery chain Coop had to close several hundred stores on Saturday because of the ransomware attack, and several schools in New Zealand were affected, <a href=\"https:\/\/www.reuters.com\/technology\/coop-other-ransomware-hit-firms-could-take-weeks-recover-say-experts-2021-07-05\/\" target=\"_blank\" rel=\"noopener\">according to a Reuters report<\/a>.&nbsp;<\/p>\n<p>The Biden administration maintained on Tuesday that the attack did minimal damage to US businesses, but intends to put increasing pressure on Russia to curb attackers that act from within its borders. &#8220;If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own,&#8221; White House press secretary Jen Psaki said Tuesday, <a href=\"https:\/\/www.washingtonpost.com\/national-security\/ransomware-biden-russia\/2021\/07\/06\/ff52a9de-de72-11eb-b507-697762d090dd_story.html\" target=\"_blank\" rel=\"noopener\">according to the Washington Post<\/a>.<\/p>\n<p>The attack could have been worse. At the onset, about 2,200 vulnerable VSA servers were connected to the Internet, according to data from DIVD. Without a patch from Kaseya, or even a notification or workaround, the MSPs hosting those servers would have been hard pressed to defend against the attack, says Corey Nachreiner, chief security officer at WatchGuard Technologies.<\/p>\n<p>&#8220;In many cases, there are no real protections against zero-day network exploits, which may leave people blind to the indicators of that attack until after that fact,&#8221; he says. 
&#8220;That said, there are security solutions that did detect the ransomware involved and could prevent it from an individual endpoint perspective.&#8221;<\/p>\n<p>While the use of a previously unknown vulnerability and the fast, automated attack may lead to many calling the attack a zero-day exploit, Huntress Labs&#8217; Hammond takes issue with that description.<\/p>\n<p>&#8220;In my mind, a zero-day is defined as the defenders having zero days to prepare. But Kaseya had already been working with DIVD, so I have to put an asterisk around the notion they had zero days to prepare.&#8221;<\/p>\n<p>The small and midsize business clients of the managed service providers subscribed to their services because they did not have the expertise to manage their own technology. The vendors and MSPs need to take responsibility for their security, Hammond says.<\/p>\n<p>&#8220;We have been a bit vocal about these services, by design, giving administrative access and godlike superpowers on all the potential clients,&#8221; he says. &#8220;Vendors and companies, including us, have to review the source code, having that internal red teaming, and being absolutely certain to make sure that the technology is hardened to the world and secure.&#8221;<\/p>\n<p><span class=\"italic\">Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT&#8217;s Technology Review, Popular Science, and Wired News. 
Five awards for journalism, including Best Deadline &#8230;<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Automation allowed a REvil affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream companies faster than most defenders could react.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-41653","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41653","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=41653"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41653\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=41653"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=41653"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=41653"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}