{"id":67747,"date":"2021-07-17T11:29:53","date_gmt":"2021-07-17T18:29:53","guid":{"rendered":"https:\/\/forescoutstage.wpengine.com\/?p=67747"},"modified":"2021-07-17T11:34:09","modified_gmt":"2021-07-17T18:34:09","slug":"thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again","status":"publish","type":"post","link":"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/","title":{"rendered":"Thousands of companies compromised by REvil Ransomware \u2013 the supply chain strikes again"},"content":{"rendered":"<p>On July 2, news emerged of a large-scale attack leveraging the Kaseya VSA network monitoring and management solution to deploy a variant of the REvil ransomware. The attackers claimed that more than a million devices had been infected and they demanded $70 million in Bitcoin to publish a tool to decrypt the files of all victims.<\/p>\n<p>Since then Kaseya <a href=\"https:\/\/helpdesk.kaseya.com\/hc\/en-gb\/articles\/4403440684689-Important-Notice-July-2nd-2021\" target=\"new\" rel=\"noopener\">recommended customers to disable on-premise VSA servers immediately<\/a>, took their SaaS offering offline, then released <a href=\"https:\/\/helpdesk.kaseya.com\/hc\/en-gb\/articles\/4403785889041\" target=\"new\" rel=\"noopener\">patches for the on-premise vulnerabilities<\/a> and <a href=\"https:\/\/www.kaseya.com\/potential-attack-on-kaseya-vsa\/\" target=\"new\" rel=\"noopener\">restored the SaaS servers<\/a>.<\/p>\n<p>This recent event is illustrative of three very important trends in the current attacker landscape. First, the rise of <a href=\"https:\/\/weis2021.econinfosec.org\/wp-content\/uploads\/sites\/9\/2021\/06\/weis21-akyazi.pdf\">Cybercrime-as-a-Service<\/a>. Second, the use of ransomware, which is sometimes coupled with extortion and <a href=\"https:\/\/www.cisecurity.org\/blog\/ransomware-the-data-exfiltration-and-double-extortion-trends\/\">threats of publishing exfiltrated data<\/a> to increase financial gains. Third, the leveraging of <a href=\"https:\/\/www.wired.com\/story\/hacker-lexicon-what-is-a-supply-chain-attack\/\">supply-chain components<\/a> to compromise several organizations at the same time, which makes this attack reminiscent of the <a href=\"https:\/\/www.forescout.com\/research-labs\/solarwinds\/\">SolarWinds hack at the end of 2020<\/a>.<\/p>\n<p>Below, we discuss the attack and what Forescout customers should do.<\/p>\n<h2>REvil \u2013 ransomware-as-a-service and the most recent supply-chain attack<\/h2>\n<p>REvil, also known as Sodinokibi, is a <a href=\"https:\/\/news.sophos.com\/en-us\/2021\/06\/11\/relentless-revil-revealed\/\" target=\"new\" rel=\"noopener\">Ransomware-as-a-Service group<\/a>, which means that the same encryption malware can be used by many different affiliate malicious actors who only have to figure out how to compromise target networks and deploy the malware. The revenue is then divided between ransomware developers and affiliates.<\/p>\n<p>Forescout first noticed REvil in <a href=\"https:\/\/www.forescout.com\/company\/blog\/forescout-cyber-weekly-roundup-september-30-2019\/\" target=\"new\" rel=\"noopener\">September, 2019<\/a> and they have been very active ever since. The group was behind recent attacks on <a href=\"https:\/\/www.wsj.com\/articles\/jbs-paid-11-million-to-resolve-ransomware-attack-11623280781\">meat supplier JBS<\/a> (which resulted in the company paying $11 million to recover their systems) and <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/acer-reportedly-hit-with-$50m-ransomware-attack\/d\/d-id\/1340481\">computer manufacturer Acer<\/a> (when they demanded a $50 million ransom, the largest ever until now), to name a few.<\/p>\n<p>The current attack leveraged <a href=\"https:\/\/www.kaseya.com\/products\/vsa\/\" target=\"new\" rel=\"noopener\">Kaseya VSA<\/a>, which is a remote monitoring and management solution used by several managed service providers (MSPs) \u2013 companies that <a href=\"https:\/\/www.crn.com\/news\/security\/kaseya-msps-we-want-to-get-out-of-this-mess-\">use Kaseya software to manage smaller businesses<\/a>. The tool provides a central dashboard to monitor and manage endpoints and deploy security patches, among other functions.<\/p>\n<p>The main vulnerabilities used in the attack were <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-30116\" target=\"new\" rel=\"noopener\">CVE-2021-30116<\/a> (a credentials leak and business logic flaw), <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-30119\" target=\"new\" rel=\"noopener\">CVE-2021-30119<\/a> (a cross-site scripting) and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-30120\">CVE-2021-30120<\/a> (a two-factor authentication bypass). The vulnerabilities were discovered by the <a href=\"https:\/\/csirt.divd.nl\/2021\/07\/07\/Kaseya-Limited-Disclosure\/\">Dutch Institute for Vulnerability Disclosure (DIVD) and reported to Kaseya<\/a>, who was working on the patches even before the REvil attack happened. Using these vulnerabilities, the actors delivered ransomware via an automated (fake) software update from compromised VSA servers to VSA agents running on managed Windows devices.<\/p>\n<p>Kaseya <a href=\"https:\/\/www.kaseya.com\/press-release\/kaseya-responds-swiftly-to-sophisticated-cyberattack-mitigating-global-disruption-to-customers\/\" target=\"new\" rel=\"noopener\">reported that 50 customers were affected<\/a>. Around 40 of those were MSPs, which means that their customers could also be affected. In the end, the company said that around 1500 organizations were affected, many of which are small and medium sized businesses.<\/p>\n<h2>What should Forescout customers do?<\/h2>\n<p>As recommended by Kaseya, any on-premise VSA server should be immediately patched.<\/p>\n<p>We see 116 customers on Device Cloud with Kaseya installed on their devices (close to 7% of the total 1,688 customers uploading data to Device Cloud). On these customers, we see close to 30,000 devices with the agent and 9 with the server, divided by industry verticals as shown below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Devices-with-Kaseya-agent-per-customer-vertical-300x193.png\" alt=\"\" width=\"300\" height=\"193\" class=\"alignnone size-medium wp-image-67750\" srcset=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Devices-with-Kaseya-agent-per-customer-vertical-300x193.png 300w, https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Devices-with-Kaseya-agent-per-customer-vertical-1024x659.png 1024w, https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Devices-with-Kaseya-agent-per-customer-vertical-768x494.png 768w, https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Devices-with-Kaseya-agent-per-customer-vertical.png 1306w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>These customers can use <a href=\"\/platform\/eyesight\/\">eyeSight<\/a> to locate devices running the VSA server or agent using the \u201cWindows Applications Installed\u201d attribute given by the <a href=\"https:\/\/docs.forescout.com\/bundle\/hps-ie-11-1-1-h\/page\/hps-ie-11-1-1-h.About-the-HPS-Inspection-Engine.html\">HPS Inspection Engine plugin<\/a>. The values to look for are \u201cKaseya Agent\u201d and \u201cKaseya Server\u201d.<\/p>\n<p>Once devices running Kaseya are identified, users can procced with patching <a href=\"https:\/\/helpdesk.kaseya.com\/hc\/en-gb\/articles\/4403785889041\" target=\"new\" rel=\"noopener\">as described by Kaseya<\/a>. <a href=\"https:\/\/us-cert.cisa.gov\/ncas\/current-activity\/2021\/07\/04\/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa\" target=\"new\" rel=\"noopener\">CISA\/FBI<\/a> also recommend to download and run the IoC <a href=\"https:\/\/kaseya.app.box.com\/s\/0ysvgss7w48nxh8k1xt7fqhbcjxhas40\">detection tool provided by Kaseya<\/a> on both servers and managed endpoints to detect signs of intrusion.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On July 2, news emerged of a large-scale attack leveraging the Kaseya VSA network monitoring and management solution to deploy a variant of the REvil ransomware. The attackers claimed that more than a million devices had been infected and they demanded $70 million in Bitcoin to publish a tool to decrypt the files of all [&hellip;]<\/p>\n","protected":false},"author":147,"featured_media":67748,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"ep_exclude_from_search":false,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[562],"tags":[],"coauthors":[666],"class_list":["post-67747","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-views"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Thousands of companies compromised by REvil Ransomware \u2013 the supply chain strikes again - Forescout<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-\u2013-the-supply-chain-strikes-again\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Thousands of companies compromised by REvil Ransomware \u2013 the supply chain strikes again - Forescout\" \/>\n<meta property=\"og:description\" content=\"On July 2, news emerged of a large-scale attack leveraging the Kaseya VSA network monitoring and management solution to deploy a variant of the REvil ransomware. The attackers claimed that more than a million devices had been infected and they demanded $70 million in Bitcoin to publish a tool to decrypt the files of all [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-\u2013-the-supply-chain-strikes-again\/\" \/>\n<meta property=\"og:site_name\" content=\"Forescout\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ForescoutTechnologies\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-17T18:29:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-17T18:34:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Forescout_Blog-Images_REvil_2134x1170.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2134\" \/>\n\t<meta property=\"og:image:height\" content=\"1170\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Tim Ferman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Forescout\" \/>\n<meta name=\"twitter:site\" content=\"@Forescout\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/\"},\"author\":{\"name\":\"Tim Ferman\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/3b8aa8652e4fbf538d27b3b20f689844\"},\"headline\":\"Thousands of companies compromised by REvil Ransomware \u2013 the supply chain strikes again\",\"datePublished\":\"2021-07-17T18:29:53+00:00\",\"dateModified\":\"2021-07-17T18:34:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/\"},\"wordCount\":596,\"publisher\":{\"@id\":\"https:\/\/www.forescout.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Forescout_Blog-Images_REvil_2134x1170.png\",\"articleSection\":[\"News &amp; Views\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/\",\"url\":\"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/\",\"name\":\"Thousands of companies compromised by REvil Ransomware \u2013 the supply chain strikes again - Forescout\",\"isPartOf\":{\"@id\":\"https:\/\/www.forescout.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Forescout_Blog-Images_REvil_2134x1170.png\",\"datePublished\":\"2021-07-17T18:29:53+00:00\",\"dateModified\":\"2021-07-17T18:34:09+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/#primaryimage\",\"url\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Forescout_Blog-Images_REvil_2134x1170.png\",\"contentUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Forescout_Blog-Images_REvil_2134x1170.png\",\"width\":2134,\"height\":1170,\"caption\":\"Thousands of companies compromised by REvil Ransomware \u2013 the supply chain strikes again\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.forescout.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Thousands of companies compromised by REvil Ransomware \u2013 the supply chain strikes again\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.forescout.com\/#website\",\"url\":\"https:\/\/www.forescout.com\/\",\"name\":\"Forescout\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.forescout.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.forescout.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.forescout.com\/#organization\",\"name\":\"Forescout Technologies, Inc.\",\"url\":\"https:\/\/www.forescout.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"contentUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"width\":1,\"height\":1,\"caption\":\"Forescout Technologies, Inc.\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/ForescoutTechnologies\",\"https:\/\/x.com\/Forescout\",\"https:\/\/www.instagram.com\/forescouttechnologies\/\",\"https:\/\/www.linkedin.com\/company\/forescout-technologies\",\"https:\/\/www.youtube.com\/user\/forescout1\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/3b8aa8652e4fbf538d27b3b20f689844\",\"name\":\"Tim Ferman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/image\/4d2bb5147285f8f05651dcddfde2b371\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/57ec54d610971314fbab3699bdab891553362c500fcf01a3422bc9f76e408255?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/57ec54d610971314fbab3699bdab891553362c500fcf01a3422bc9f76e408255?s=96&d=mm&r=g\",\"caption\":\"Tim Ferman\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Thousands of companies compromised by REvil Ransomware \u2013 the supply chain strikes again - Forescout","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-\u2013-the-supply-chain-strikes-again\/","og_locale":"en_US","og_type":"article","og_title":"Thousands of companies compromised by REvil Ransomware \u2013 the supply chain strikes again - Forescout","og_description":"On July 2, news emerged of a large-scale attack leveraging the Kaseya VSA network monitoring and management solution to deploy a variant of the REvil ransomware. The attackers claimed that more than a million devices had been infected and they demanded $70 million in Bitcoin to publish a tool to decrypt the files of all [&hellip;]","og_url":"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-\u2013-the-supply-chain-strikes-again\/","og_site_name":"Forescout","article_publisher":"https:\/\/www.facebook.com\/ForescoutTechnologies","article_published_time":"2021-07-17T18:29:53+00:00","article_modified_time":"2021-07-17T18:34:09+00:00","og_image":[{"width":2134,"height":1170,"url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Forescout_Blog-Images_REvil_2134x1170.png","type":"image\/png"}],"author":"Tim Ferman","twitter_card":"summary_large_image","twitter_creator":"@Forescout","twitter_site":"@Forescout","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/#article","isPartOf":{"@id":"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/"},"author":{"name":"Tim Ferman","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/3b8aa8652e4fbf538d27b3b20f689844"},"headline":"Thousands of companies compromised by REvil Ransomware \u2013 the supply chain strikes again","datePublished":"2021-07-17T18:29:53+00:00","dateModified":"2021-07-17T18:34:09+00:00","mainEntityOfPage":{"@id":"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/"},"wordCount":596,"publisher":{"@id":"https:\/\/www.forescout.com\/#organization"},"image":{"@id":"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/#primaryimage"},"thumbnailUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Forescout_Blog-Images_REvil_2134x1170.png","articleSection":["News &amp; Views"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/","url":"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/","name":"Thousands of companies compromised by REvil Ransomware \u2013 the supply chain strikes again - Forescout","isPartOf":{"@id":"https:\/\/www.forescout.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/#primaryimage"},"image":{"@id":"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/#primaryimage"},"thumbnailUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Forescout_Blog-Images_REvil_2134x1170.png","datePublished":"2021-07-17T18:29:53+00:00","dateModified":"2021-07-17T18:34:09+00:00","breadcrumb":{"@id":"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/#primaryimage","url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Forescout_Blog-Images_REvil_2134x1170.png","contentUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Forescout_Blog-Images_REvil_2134x1170.png","width":2134,"height":1170,"caption":"Thousands of companies compromised by REvil Ransomware \u2013 the supply chain strikes again"},{"@type":"BreadcrumbList","@id":"https:\/\/www.forescout.com\/blog\/thousands-of-companies-compromised-by-revil-ransomware-%e2%80%93-the-supply-chain-strikes-again\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.forescout.com\/"},{"@type":"ListItem","position":2,"name":"Thousands of companies compromised by REvil Ransomware \u2013 the supply chain strikes again"}]},{"@type":"WebSite","@id":"https:\/\/www.forescout.com\/#website","url":"https:\/\/www.forescout.com\/","name":"Forescout","description":"","publisher":{"@id":"https:\/\/www.forescout.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.forescout.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.forescout.com\/#organization","name":"Forescout Technologies, Inc.","url":"https:\/\/www.forescout.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","contentUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","width":1,"height":1,"caption":"Forescout Technologies, Inc."},"image":{"@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ForescoutTechnologies","https:\/\/x.com\/Forescout","https:\/\/www.instagram.com\/forescouttechnologies\/","https:\/\/www.linkedin.com\/company\/forescout-technologies","https:\/\/www.youtube.com\/user\/forescout1"]},{"@type":"Person","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/3b8aa8652e4fbf538d27b3b20f689844","name":"Tim Ferman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/image\/4d2bb5147285f8f05651dcddfde2b371","url":"https:\/\/secure.gravatar.com\/avatar\/57ec54d610971314fbab3699bdab891553362c500fcf01a3422bc9f76e408255?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/57ec54d610971314fbab3699bdab891553362c500fcf01a3422bc9f76e408255?s=96&d=mm&r=g","caption":"Tim Ferman"}}]}},"featured_media_url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/07\/Forescout_Blog-Images_REvil_2134x1170.png","is_file":false,"excerpt_manually_set":false,"_links":{"self":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts\/67747","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/users\/147"}],"replies":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/comments?post=67747"}],"version-history":[{"count":0,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts\/67747\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/media\/67748"}],"wp:attachment":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/media?parent=67747"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/categories?post=67747"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/tags?post=67747"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/coauthors?post=67747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}