Case Study: Unitus Community Credit Union achieves zero business disruption during the REvil/Kaseya ransomware attack with Red Canary

Two Red Canary customers share their experiences following the 2021 Kaseya VSA ransomware attack

Unitus Community Credit Union, a Portland-based not-for-profit serving over 100,000 members with roughly 300 employees, was exposed during the July 2021 REvil (Sodinokibi) Kaseya supply‑chain attack when a third‑party phone vendor’s Kaseya‑managed server was compromised. Although Unitus did not use Kaseya directly, the compromise left a related server vulnerable — and Red Canary, via its MDR service and behavior‑based detections, was monitoring and ready.

Red Canary detected the suspicious activity early, linked it to REvil, and proactively engaged Unitus (with Principal Incident Handler Paul Michaud coordinating response), helping isolate the affected server, collect forensics, apply containment policies and revert to a clean snapshot. The threat was mitigated within hours (detected and contained the same day), members and operations remained unaffected, and Unitus experienced essentially zero business disruption thanks to Red Canary’s rapid detection and incident handling.

Unitus Community Credit Union

Harlan Hoult

Information Security Analyst