Just to clarify all the things, here are what you should take away from the REvil Kaseya exploit:
Kaseya was working on a patch for a properly disclosed vulnerability and doing everything right, until someone else found out there was a vulnerability, and then it was all over.
We don’t have proof the exploit was leaked/stolen.
This was not a supply chain attack from Kaseya’s perspective. This was a midstream supply chain attack hitting Kaseya’s distributors—the managed service providers. So it wasn’t burned in at the factory; it was installed after shipping (to borrow an NSA Playset metaphor). From the point of view of the end customers, it was still a supply chain attack, because it happened before the product got to them.
It is probably not a great thing to have a product that only works if the locations it runs from are excluded from malware protection. Windows already has enough built-in tools that can be turned to evil purposes; we don’t need more.
There is no way that REvil is planning on directly handling all the “customers” this attack created. They’re just laughing their asses off.
If Dharma is the McDonald’s of ransomware, REvil is the Amazon: they have “contractors” who deliver, but they’re the ones who collect the money. They’ve been particularly salty since Biden got pissed over the Brazilian meatpacking fiasco (which just happened to be a multinational meatpacking fiasco), and they’ve been putting BLACK LIVES MATTER *AND* dtrump4ever in their payloads just to super-troll. They’ve been doing that for months. And then they throw away a zero-day on a one-fer, instant-ransomware, all-you-can-encrypt buffet like a micro-NotPetya. Don’t think that them dropping this ransomware buffet on everybody’s 4th of July party is a coincidence.