Maximum PC

WORLDWIDE RANSOMWARE ATTACK

$70m demanded after major IT supplier hit


A RUSSIAN-BASED group of hackers known as REvil has broken into Kaseya, a Miami-based company that provides IT services, including VSA, a remote monitoring tool for networks. Modifications were made to VSA, which was unwittingly used by the victims, enabling the hackers to start encrypting files. As soon as the breach was noticed, Kaseya recommended that its customers shut down VSA, and it took all its data centers offline. A fix was in place three days later, but damage had been done. Part of VSA’s job is the automated distribution of software across networks, which makes it an ideal target for these attacks. It’s unclear how many companies have been compromised; Kaseya claims it’s 50. However, these companies have their own customers, and it’s estimated that 1,000 to 2,000 businesses have been compromised. Among them was a Swedish grocery chain that had to close 800 stores as its tills stopped working. Fortunately, damage in the US appears to be light, but that is down to luck. This looks like the biggest ransomware attack yet.

A post on a blog frequented by the gang demanded $70m to unlock all the data in one go. This is a prolific and organized group of hackers that carries out attacks purely for profit. Last month it managed to extort $11m from a Brazilian meatpacking company after it paralyzed its North American and Australian operations.

US intelligence agencies are on the case, but tracking down shadowy groups hiding abroad is difficult. However, when attacks get this big, they start to worry governments everywhere. There have been hints from authorities here that action against servers used to launch these attacks is under consideration. Interestingly, REvil’s payment website, and blogs used by REvil, suddenly went offline two weeks after the attack, leading to speculation about who brought pressure to bear, and how.
