Kaseya Ransomware Attack Massive Scales, Details Emerge

Representative Image
Representative Image

Cybersecurity teams worked feverishly to stem the impact of the single biggest global ransomware attack on record on Sunday, said report.

Some details emerged about how the Russia-linked gang responsible breached the company whose software was the conduit.

Cybersecurity researchers said that an affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers.

They reported ransom demands of up to $5 million.

The FBI said in a statement on Sunday that it was investigating the attack along with the federal Cybersecurity and Infrastructure Security Agency.

They said, "the scale of this incident may make it so that we are unable to respond to each victim individually."

Deputy National Security Advisor Anne Neuberger later issued a statement saying U.S. President Joe Biden had "directed the full resources of the government to investigate this incident"

He further urged all who believed they were compromised to alert the FBI.

Mr. Biden suggested on Saturday the U.S. would respond if it was determined that the Kremlin is at all involved.

The attack comes less than a month after Mr. Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the U.S. deems a national security threat.

According to a report from The Hindu, broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos reported. Ransomware criminals break into networks and sow malware that cripples networks on activation by scrambling all their data. Victims get a decoder key when they pay up.

The Swedish grocery chain Coop said most of its 800 stores would be closed for a second day on Sunday because their cash register software supplier was crippled.

Experts are saying that it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing U.S. offices would be lightly staffed.

Mr Voccola said that many victims may not learn of it until they are back at work on Monday. The vast majority of end customers of managed service providers "have no idea" what kind of software is used to keep their networks humming.

One of the first cybersecurity firms to sound the alarm on the attack, Huntress Labs official John Hammond said he'd seen $5 million and $500,000 demands by REVil for the decryptor key needed to unlock scrambled networks. The smallest amount demanded appears to have been $45,000.

It was not the first ransomware attack to leverage managed services providers. In 2019, criminals hobbled the networks of 22 Texas municipalities through one. That same year, 400 U.S. dental practices were crippled in a separate attack, stated report.

Related Stories

No stories found.

No stories found.
top-stories>>top-stories/kaseya-ransomware-attack-massive-scales-details-emerge
logo
Pratidin Time
www.pratidintime.com