WORLDWIDE RANSOMWARE ATTACK
$70m demanded after major IT supplier hit
A RUSSIAN-BASED group of hackers known as REvil has broken into Kaseya, a Miami-based company that provides IT services, including VSA, a remote monitoring and management tool for networks. The hackers tampered with VSA so that the customers' own installations, unwittingly, delivered the ransomware and started encrypting files. As soon as the breach was noticed, Kaseya recommended that its customers shut down VSA, and it took all of its data centers offline. A fix was in place three days later, but the damage had been done. Part of VSA's job is the automated distribution of software across networks, which is exactly what makes it such an attractive target for this kind of attack: one compromised tool can reach every machine it manages. It's unclear how many companies have been compromised; Kaseya puts the figure at around 50. However, many of those companies are themselves IT providers with their own customers, and it's estimated that 1,000 to 2,000 businesses have been affected. Among them was a Swedish grocery chain that had to close 800 stores as its tills stopped working. Fortunately, damage in the US appears to be light, but that is down to luck rather than design. This looks like the biggest ransomware attack yet.
A post on a blog frequented by the gang demanded $70m to unlock all of the data in one go. This is a prolific and organized group of hackers that carries out attacks purely for profit. Last month it managed to extort $11m from a Brazilian meatpacking company after it paralyzed that company's North American and Australian operations.
US intelligence agencies are on the case, but tracking down shadowy groups hiding abroad is difficult. However, when attacks get this big, they start to worry governments everywhere. There have been hints from authorities here that action against the servers used to launch these attacks is under consideration. Interestingly, REvil's payment website and the blogs used by the group suddenly went offline two weeks after the attack, leading to speculation about who brought pressure to bear, and how.