Hours before the July 4th holiday weekend, an especially nasty piece of ransomware hit the remote management tools of Kaseya, a systems management provider. It then spread quickly across Kaseya’s client network, affecting businesses that used its software. According to security experts, more than 200 client networks were knocked out following the attack. Kaseya has over 40,000 clients, and the exact scale of this breach is still unknown; the number of affected businesses could reach into the thousands.
The attackers, known as the REvil group, followed the attack with a demand for cryptocurrency payment from affected parties who want their locked data back.
“On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is 70,000,000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour,” the REvil group said in its dark-web post.
Kaseya has urged its clients to immediately shut down the software that this ransomware can affect. The attack quickly went global, since Kaseya has clients all over the world, and there are already reports of stores in Sweden losing access to their cash registers because of it. Kaseya has, in the meantime, confirmed that the attack exploited a zero-day in its system and is already working on a patch to mitigate the issue.
REvil, or Ransomware Evil, is a fairly new group on the hacking scene. Its first operation was in May 2020, when it stole more than a terabyte of data from Grubman Shire Meiselas & Sacks, a New York-based law firm. The group also tried to extort $42 million from Donald Trump and threatened to publish or sell legal documents and other private information on pop divas Lady Gaga and Madonna. Some believe the group is based in Russia because it often communicates in Russian and avoids targeting ex-Soviet countries in its attacks, but at this point those are only guesses. The recent attacks have only underlined that companies and individuals need strong cybersecurity measures, such as network monitoring solutions, to protect their data.