Major ransomware attacks against technology providers put other companies in trouble
On Saturday, businesses around the world rushed to contain a ransomware attack that paralyzed their computer networks. In the United States, the situation was complicated by offices being lightly staffed at the start of the July 4 holiday weekend.
It is not clear how many organizations have been hit with ransom demands to get their systems running again. But some cybersecurity researchers predict that the attack on the customers of software provider Kaseya may be one of the most widespread ransomware attacks on record.
Cybersecurity company ESET stated that there are victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Kenya, and Germany.
The attack follows other high-profile attacks in recent months, which have been a source of diplomatic tension between US President Joe Biden and Russian President Vladimir Putin over whether Russia has become a safe haven for cybercriminals.
Biden said on Saturday that he is not yet sure who is responsible, adding that he has instructed US intelligence agencies to investigate who is behind the attack.
Biden said: “If Russia knows or is caused by Russia, then I tell Putin we will respond.” “We are not sure. The original idea was the Russian government.”
Cybersecurity experts said that the major Russian ransomware group REvil seems to be behind the Kaseya attack, using Kaseya's network management package as a channel to spread ransomware through cloud service providers.
Dmitri Alperovitch, a cybersecurity expert at the Silverado Policy Accelerator think tank, said: “The number of victims here has exceeded one thousand, and it may reach tens of thousands.” “In terms of impact, no other ransomware activity is closer than this.”
According to the Swedish public broadcaster SVT, in Sweden, most of the 800 stores of the grocery chain Coop cannot open because their cash registers are not working properly. The Swedish National Railway and a large local pharmacy were also affected.
Kaseya is developing a patch
Kaseya CEO Fred Voccola said in a statement that the company believes that it has identified the source of the vulnerability and will “release the patch as soon as possible so that our customers can resume normal operations.”
Voccola said that fewer than 40 Kaseya customers are known to be affected, but experts say that ransomware may still affect hundreds of companies that rely on Kaseya customers to provide a wider range of IT services.
John Hammond of the security company Huntress Labs said he knows of many hosting providers (companies that host IT infrastructure for multiple customers) being hit by the ransomware, which encrypts networks until the victims pay the attackers.
“There are reasons to think that this may affect thousands of small businesses,” Hammond said, basing his estimate on service providers seeking help from his company and on comments posted on Reddit showing how others are reacting.
Brett Callow, a ransomware expert at the cybersecurity company Emsisoft, said that at least some of the victims appeared to have received ransom demands of $45,000, which is considered a small demand but one that may add up rapidly when requested from thousands of victims.
The attack may have been timed for the holiday
James Shank of threat intelligence company Team Cymru said, “It is reasonable to assume that this schedule was planned by hackers for the holidays.”
REvil, the group that most experts have connected to the attack, is the same ransomware provider that the FBI linked to the attack on Brazil-based JBS, a major global meat processor that was forced to pay a ransom of $11 million over the weekend of Memorial Day, the US holiday honoring soldiers killed in service, in May.
The federal Cybersecurity and Infrastructure Security Agency (CISA) said in a statement that it is closely monitoring the situation and is cooperating with the FBI to gather more information about its impact.
CISA urges anyone who may be affected to “shut down the VSA server immediately following Kaseya’s guidance.” Kaseya runs a so-called virtual system administrator or VSA for remote management and monitoring of customers’ networks.
The privately held Kaseya is headquartered in Dublin, and its US headquarters is in Miami.