offices prepared to close down for the long weekend in celebration of July 4, businesses around the world were hit by the single biggest ransomware attack on record. A cybercriminal group, REvil, is demanding $50 million to restore victims’ data, after using a one-two-three punch of a zero-day vulnerability, a supply chain hack, and a ransomware encryption program. In a press conference on Tuesday, July 6, White House press secretary Jen Psaki reinforced that rhetoric, saying, “if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own.” While recovery is underway for an estimated 1,500 affected businesses, the real test is still to come: whether Russia will take action against a ransomware group that uses its territory as a safe haven and, if not, whether the Biden administration will follow through on tougher rhetoric about retaliation.

Q1: What happened and who are the victims?

A1: The attack on July 2 targeted Kaseya, a U.S. company whose software manages networks, systems, and information technology (IT) infrastructure. Kaseya sells software tools to IT providers, who in turn service large and small businesses globally. Current estimates from Kaseya place the number of downstream businesses affected by the hack between 800 and 1,500, potentially the largest number of victims of a single ransomware attack so far. Kaseya CEO Fred Voccola said in an interview on July 6 that only 50 to 60 of the company’s 37,000 customers were compromised, while REvil brags that more than a million individual devices have been affected. Security firm ESET said it knows of victims across 17 countries.

With investigations only just underway, it is still too early to tell the true scale of the attack, though some fear tens of thousands of victims may have been infected with ransomware. Businesses affected include pharmacies, gas stations, railways, dental practices, architecture firms, schools, plastic surgery centers, and libraries. One victim of the attack experiencing tangible disruptions is the Coop supermarket chain in Sweden, which had to close down 800 stores on July 3 because of compromised cash registers. While many Coop stores have since been able to reopen using workarounds, getting systems fully back online could take weeks and cause serious losses in revenue for the company.

The ransom demands from REvil fluctuated over the holiday weekend, with initial reports suggesting the group was demanding $45,000 from smaller businesses and $5 million from larger organizations. On July 3, the criminal group also offered for the price of $70 million a “universal decryptor” it claims would unlock all affected devices. When a researcher at cybersecurity consulting firm Krebs Stamos Group reached out to the hackers to inquire about the offer, REvil lowered the cost to $50 million. Regardless of the price, the breadth and potential cost, both in ransom payments and in lost business revenue, of this attack might be unprecedented.

A2: Various cybersecurity firms have pieced together how REvil compromised Kaseya’s software. According to a report released by IT security company Sophos, the hackers used a zero-day exploit (an industry term describing a previously unknown security flaw) to insert malicious code in a Kaseya software update. On July 4, a Dutch research group revealed it had previously discovered and disclosed the vulnerability to Kaseya, who was working to validate a patch for the issue when the hack occurred. If true, that aspect of the story could provide an interesting twist on how REvil initially discovered the vulnerability.