Scale, details of massive ransomware attack emerge

President Joe Biden suggested on Saturday that the United States would respond if it was determined that the Kremlin was involved. He said he asked the intelligence community for a “deep dive” into what happened.

The attack comes less than a month after Biden urged Russian President Vladimir Putin to stop providing safe haven for REvil and other ransomware gangs whose incessant extortion attacks the United States considers a threat to national security.

A wide range of businesses and public agencies have been affected by the latest attack, apparently on all continents, including in financial services, travel and leisure, and the public sector, although few large companies, the cybersecurity company Sophos reported. Ransomware criminals break into networks and plant malware that cripples those networks upon activation by encrypting all of their data. Victims receive a decryption key when they pay.

Swedish grocery chain Coop said most of its 800 stores would be closed for a second day on Sunday because their cash register software provider was paralyzed. A Swedish chain of pharmacies, a chain of gas stations, the public railway and the public broadcaster SVT were also affected.

In Germany, an unnamed IT services company told authorities that several thousand of its customers were compromised, the dpa news agency reported. Also among the reported victims were two large Dutch IT service companies, VelzArt and Hoppenbrouwer Techniek. Most ransomware victims do not publicly report attacks and do not disclose whether they have paid ransoms.

Fred Voccola, CEO of the breached software company Kaseya, estimated the number of victims to be a few thousand, mostly small businesses like “dental offices, architectural firms, plastic surgery centers, libraries, things like that”.

Voccola said in an interview that only 50 to 60 of the company’s 37,000 customers had been compromised. But 70% of those were managed service providers who use the company’s compromised VSA software to manage multiple clients. It automates the installation of software and security updates and manages backups and other vital tasks.

Experts say it’s no coincidence that REvil launched the attack at the start of the July 4 holiday weekend, knowing that US offices would be understaffed. Many victims may not find out until they return to work on Monday. The vast majority of end customers of managed service providers “have no idea” what type of software is used to run their networks, said Voccola.

Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.

John Hammond of Huntress Labs, one of the first cybersecurity companies to sound the alarm on the attack, said he saw REvil ransom demands of $5 million and $500,000 for the decryption key needed to unlock encrypted networks. The smallest amount demanded appears to have been $45,000.

Sophisticated ransomware gangs at REvil’s level typically examine a victim’s financial records, and insurance policies if they can find them, in the files they steal before activating the data-encrypting malware. The criminals then threaten to dump the stolen data online unless they get paid. However, it was not immediately clear whether this attack involved data theft. The mechanism of infection suggests not.

“Data theft usually takes time and effort from the attacker, which is probably not possible in an attack scenario like this where there are so many small and medium-sized victim organizations,” said Ross McKerchar, chief information security officer at Sophos. “We haven’t seen any evidence of data theft, but it’s still early days and only time will tell if attackers are using this card to try to make victims pay.”

Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a “zero day,” the industry term for a previously unknown security flaw in software. Voccola did not confirm this or provide details of the breach, except to say that it was not phishing.

“The level of sophistication here was extraordinary,” he said.

About Janet Young
