{"id":"https://openalex.org/W4407051081","doi":"https://doi.org/10.1049/ise2/1655307","title":"Analyzing the 2021 Kaseya Ransomware Attack: Combined Spearphishing Through SonicWall SSLVPN Vulnerability","display_name":"Analyzing the 2021 Kaseya Ransomware Attack: Combined Spearphishing Through SonicWall SSLVPN Vulnerability","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4407051081","doi":"https://doi.org/10.1049/ise2/1655307"},"language":"en","primary_location":{"id":"doi:10.1049/ise2/1655307","is_oa":true,"landing_page_url":"https://doi.org/10.1049/ise2/1655307","pdf_url":"https://onlinelibrary.wiley.com/doi/pdfdirect/10.1049/ise2/1655307","source":{"id":"https://openalex.org/S58852226","display_name":"IET Information Security","issn_l":"1751-8709","issn":["1751-8709","1751-8717"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310311714","host_organization_name":"Institution of Engineering and Technology","host_organization_lineage":["https://openalex.org/P4310311714"],"host_organization_lineage_names":["Institution of Engineering and Technology"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IET Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://onlinelibrary.wiley.com/doi/pdfdirect/10.1049/ise2/1655307","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5041907021","display_name":"Suman Bhunia","orcid":"https://orcid.org/0000-0003-3587-3509"},"institutions":[{"id":"https://openalex.org/I83328450","display_name":"Miami University","ror":"https://ror.org/05nbqxr67","country_code":"US","type":"education","lineage":["https://openalex.org/I83328450"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Suman Bhunia","raw_affiliation_strings":["Department of Computer Science and Software Engineering ,  Miami University ,  Oxford ,  Ohio ,  USA , miamioh.edu"],"raw_orcid":"https://orcid.org/0000-0003-3587-3509","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Software Engineering ,  Miami University ,  Oxford ,  Ohio ,  USA , miamioh.edu","institution_ids":["https://openalex.org/I83328450"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5116110864","display_name":"Matthew Blackert","orcid":null},"institutions":[{"id":"https://openalex.org/I83328450","display_name":"Miami University","ror":"https://ror.org/05nbqxr67","country_code":"US","type":"education","lineage":["https://openalex.org/I83328450"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Matthew Blackert","raw_affiliation_strings":["Department of Computer Science and Software Engineering ,  Miami University ,  Oxford ,  Ohio ,  USA , miamioh.edu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Software Engineering ,  Miami University ,  Oxford ,  Ohio ,  USA , miamioh.edu","institution_ids":["https://openalex.org/I83328450"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5116110865","display_name":"Henry Deal","orcid":null},"institutions":[{"id":"https://openalex.org/I83328450","display_name":"Miami University","ror":"https://ror.org/05nbqxr67","country_code":"US","type":"education","lineage":["https://openalex.org/I83328450"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Henry Deal","raw_affiliation_strings":["Department of Computer Science and Software Engineering ,  Miami University ,  Oxford ,  Ohio ,  USA , miamioh.edu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Software Engineering ,  Miami University ,  Oxford ,  Ohio ,  USA , miamioh.edu","institution_ids":["https://openalex.org/I83328450"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5116110866","display_name":"Andrew DePero","orcid":null},"institutions":[{"id":"https://openalex.org/I83328450","display_name":"Miami University","ror":"https://ror.org/05nbqxr67","country_code":"US","type":"education","lineage":["https://openalex.org/I83328450"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Andrew DePero","raw_affiliation_strings":["Department of Computer Science and Software Engineering ,  Miami University ,  Oxford ,  Ohio ,  USA , miamioh.edu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Software Engineering ,  Miami University ,  Oxford ,  Ohio ,  USA , miamioh.edu","institution_ids":["https://openalex.org/I83328450"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5074044952","display_name":"Amar Nath Patra","orcid":"https://orcid.org/0000-0001-5852-4139"},"institutions":[{"id":"https://openalex.org/I53559539","display_name":"Radford University","ror":"https://ror.org/04647g470","country_code":"US","type":"education","lineage":["https://openalex.org/I53559539"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Amar Patra","raw_affiliation_strings":["School of Computing and Information Sciences ,  Radford University ,  Radford ,  Virginia ,  USA , radford.edu"],"raw_orcid":"https://orcid.org/0000-0001-5852-4139","affiliations":[{"raw_affiliation_string":"School of Computing and Information Sciences ,  Radford University ,  Radford ,  Virginia ,  USA , radford.edu","institution_ids":["https://openalex.org/I53559539"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5074044952"],"corresponding_institution_ids":["https://openalex.org/I53559539"],"apc_list":{"value":2000,"currency":"EUR","value_usd":2200},"apc_paid":{"value":2000,"currency":"EUR","value_usd":2200},"fwci":4.5122,"has_fulltext":true,"cited_by_count":5,"citation_normalized_percentile":{"value":0.94185984,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":"2025","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.7134521007537842},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6694614887237549},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6556071639060974},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5889959931373596},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.32641151547431946}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.7134521007537842},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6694614887237549},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6556071639060974},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5889959931373596},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.32641151547431946}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1049/ise2/1655307","is_oa":true,"landing_page_url":"https://doi.org/10.1049/ise2/1655307","pdf_url":"https://onlinelibrary.wiley.com/doi/pdfdirect/10.1049/ise2/1655307","source":{"id":"https://openalex.org/S58852226","display_name":"IET Information Security","issn_l":"1751-8709","issn":["1751-8709","1751-8717"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310311714","host_organization_name":"Institution of Engineering and Technology","host_organization_lineage":["https://openalex.org/P4310311714"],"host_organization_lineage_names":["Institution of Engineering and Technology"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IET Information Security","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:a5cf413ada93467dac90a038388ffed6","is_oa":true,"landing_page_url":"https://doaj.org/article/a5cf413ada93467dac90a038388ffed6","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IET Information Security, Vol 2025 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1049/ise2/1655307","is_oa":true,"landing_page_url":"https://doi.org/10.1049/ise2/1655307","pdf_url":"https://onlinelibrary.wiley.com/doi/pdfdirect/10.1049/ise2/1655307","source":{"id":"https://openalex.org/S58852226","display_name":"IET Information Security","issn_l":"1751-8709","issn":["1751-8709","1751-8717"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310311714","host_organization_name":"Institution of Engineering and Technology","host_organization_lineage":["https://openalex.org/P4310311714"],"host_organization_lineage_names":["Institution of Engineering and Technology"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IET Information Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4407051081.pdf","grobid_xml":"https://content.openalex.org/works/W4407051081.grobid-xml"},"referenced_works_count":36,"referenced_works":["https://openalex.org/W1608145993","https://openalex.org/W2341168461","https://openalex.org/W2975048949","https://openalex.org/W3004890695","https://openalex.org/W3036035276","https://openalex.org/W3125712971","https://openalex.org/W3132588576","https://openalex.org/W3138857801","https://openalex.org/W3142636317","https://openalex.org/W3164128970","https://openalex.org/W3216626198","https://openalex.org/W4206172203","https://openalex.org/W4280570131","https://openalex.org/W4281950482","https://openalex.org/W4283386253","https://openalex.org/W4285325114","https://openalex.org/W4285326133","https://openalex.org/W4285327239","https://openalex.org/W4285327757","https://openalex.org/W4292388356","https://openalex.org/W4366374091","https://openalex.org/W4378905504","https://openalex.org/W4381744946","https://openalex.org/W4384835155","https://openalex.org/W4385452929","https://openalex.org/W4386255590","https://openalex.org/W4390636702","https://openalex.org/W4391333914","https://openalex.org/W4391454475","https://openalex.org/W4391599322","https://openalex.org/W4400553160","https://openalex.org/W4401197323","https://openalex.org/W4402381449","https://openalex.org/W4403896883","https://openalex.org/W4404413017","https://openalex.org/W7024289176"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W3201228709","https://openalex.org/W2922354075","https://openalex.org/W4389157351","https://openalex.org/W4232561318","https://openalex.org/W3202245533","https://openalex.org/W4253977752","https://openalex.org/W2942879794"],"abstract_inverted_index":{"In":[0],"July":[1],"2021,":[2],"the":[3,10,34,38,41,45,80],"IT":[4],"management":[5],"software":[6],"company":[7],"Kaseya":[8],"was":[9,21,50],"victim":[11],"of":[12,18,37,83,116,125],"a":[13,88,94,132,140],"ransomware":[14,22,28,98],"cyberattack.":[15],"The":[16,48,76],"perpetrator":[17],"this":[19],"attack":[20,49,77],"evil":[23],"(REvil),":[24],"an":[25,123],"allegedly":[26],"Russian\u2010based":[27],"threat":[29],"group.":[30],"This":[31],"paper":[32],"addresses":[33],"general":[35],"events":[36],"incident":[39],"and":[40,63,87,106,109,114,139],"actions":[42],"executed":[43],"by":[44],"constituents":[46],"involved.":[47],"conducted":[51],"through":[52,70],"specially":[53],"crafted":[54],"hypertext":[55],"transfer":[56],"protocol":[57],"(HTTP)":[58],"requests":[59],"to":[60,66,79,135],"circumvent":[61],"authentication":[62],"allow":[64],"hackers":[65],"upload":[67],"malicious":[68],"payloads":[69],"Kaseya\u2019s":[71,126],"virtual":[72],"system":[73],"administrator":[74],"(VSA).":[75],"led":[78],"emergency":[81],"shutdown":[82],"many":[84],"VSA":[85],"servers":[86],"federal":[89],"investigation.":[90],"REvil":[91],"has":[92],"had":[93],"tremendous":[95],"impact":[96],"performing":[97],"operations,":[99],"including":[100],"worsening":[101],"international":[102],"relations":[103],"between":[104],"Russia":[105],"world":[107],"leaders":[108],"costing":[110],"considerable":[111],"infrastructure":[112],"damage":[113],"millions":[115],"dollars":[117],"in":[118],"ransom":[119],"payments.":[120],"We":[121],"present":[122],"overview":[124],"defense":[127],"strategy":[128],"involving":[129],"customer":[130],"interaction,":[131],"PowerShell":[133],"script":[134],"detect":[136],"compromised":[137],"clients,":[138],"cure\u2010all":[141],"decryption":[142],"key":[143],"that":[144],"unlocks":[145],"all":[146],"locked":[147],"files.":[148]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":3}],"updated_date":"2026-06-15T08:34:33.830935","created_date":"2025-10-10T00:00:00"}
