Incidents attributed to:
REvil affiliates exploited a SQL injection zero-day in Kaseya's VSA remote-management platform to push ransomware to ~60 MSPs and through them to ~1,500 downstream organisations. The largest supply-chain ransomware attack on record.
REvil affiliates encrypted the world's largest meat processor, shutting down beef and pork plants across the U.S., Canada, and Australia. JBS paid an $11 million ransom โ one of the largest publicly-confirmed ransomware payments at the time.
REvil/Sodinokibi operators detonated against Travelex on New Year's Eve 2019 after dwelling in the network for six months via an unpatched Pulse Secure VPN. Travelex paid $2.3 million; parent Finablr failed; PwC put Travelex into administration with the loss of over 1,300 jobs.