In the Kaseya cyberattack, thousands of companies worldwide are thought to be held to ransom by the Russian hacker group REvil. The group is reportedly demanding $70m in cryptocurrency in exchange for the code that will unlock the affected systems.
- How did the Kaseya Cyberattack happen
- Who is to blame for the Kaseya Cyberattack
- Demand of the Kaseya Cyberattackers
- Who has suffered from the Kaseya Cyberattack
- How to stay safe from cyberattacks
How did the Kaseya Cyberattack happen
Like many cyberattacks, this one came on the verge of a holiday weekend. As the company itself notes, “Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to our teams’ fast response, we believe that this has been localized to a very small number of on-premises customers only.”
Kaseya’s software had been manipulated by extortion software “to encrypt data of more than a thousand companies,” Huntress Labs, a consulting firm specializing in cybersecurity, said Saturday.
Most of the affected organizations are small and medium businesses, such as dentist offices, car dealers, libraries, schools and grocery stores.
The hacked Kaseya tool, VSA, remotely maintains customer networks, automating security and other software updates. Essentially, a tool designed to protect networks from malware was cleverly used to distribute it.
The hackers behind a mass ransomware attack exploited multiple previously unknown vulnerabilities in IT management software made by Kaseya Ltd. The hackers used a previously unknown flaw in Miami-based Kaseya’s code to push ransomware to servers that used the software and were connected to the Internet.
A more detailed analysis of the attack can be found at truesec.com.
Who is to blame for the Kaseya Cyberattack
A Russian-based cybercriminal organization known as REvil claimed responsibility on Sunday for the attack, boasting about it on its site called “Happy Blog” on the dark web.
“If you are interested in such a deal, contact us,” the group wrote, adding that it had provided a way for victims to contact the organization.
“Jack Cable, a security researcher for Krebs Stamos Group, said that he had reached out to REvil over the weekend and that the group said it was willing to negotiate. It offered to slash the price for the tool to $50 million in Bitcoin, he said.”
Demand of the Kaseya Cyberattackers
Hackers have demanded $70 million in bitcoin or cryptocurrency in exchange for a key that decrypts all of the victims’ data as part of the largest ransomware attack in history. More than a thousand businesses around the world have been impacted by the cyberattack on digital service provider Kaseya.
“An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said.” (npr.org)
“REvil was demanding ransoms of up to $5 million, the researchers said. But late Sunday it offered in a posting on its dark web site a universal decryptor software key that would unscramble all affected machines in exchange for $70 million in cryptocurrency.” (npr.org)
Who has suffered from the Kaseya Cyberattack
Between 800 and 1,500 businesses around the world were compromised by the cyberattack, including a supermarket chain in Sweden and schools in New Zealand.
Coop, one of Sweden’s largest supermarket chains, was forced to close some 500 stores due to an ongoing cyberattack affecting organizations around the world, the BBC reported.
The cyberattack on American software maker Kaseya at the weekend has affected hundreds of Dutch companies, as well as two big Dutch IT services companies, VelzArt and Hoppenbrouwer Techniek.
A Swedish pharmacy chain, gas station chain, the state railway and public broadcaster SVT were also hit.
In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised.
How to stay safe from cyberattacks
Onsist recommends that you up your cybersecurity by monitoring the dark web. Onsist provides services which detect dark web threats, pick up on attackers and their intentions, and avert future attacks.
Through this service, you can monitor and look for online threats hiding in hidden sources such as data breach archives, illegitimate and illegal forums, and dark web marketplaces.
Find out about groups that are targeting your brand, business or person and why they are doing it. Be right there when compromised data is leaked, take action and prevent future attacks.