Barely two weeks after President Joe Biden said he gave Russian leader Vladimir Putin a stern talking-to on the subject of Russian hackers, American companies have again been struck.
On Friday, as the July Fourth weekend began, ransomware attacks began cropping up throughout the global software supply chain.
The Russian hacking group REvil, which was blamed for the May 30 ransomware attack on meatpacking giant JBS SA, is considered by a large number of private cybersecurity experts to be behind the attacks — the scope of which is not fully clear.
“I wouldn’t be surprised if it was thousands of companies,” said Fabian Wosar, the chief technology officer of the software company Emsisoft, according to The Washington Post. “We just don’t know yet because of the long weekend in the U.S.”
Not clear yet but this Kaseya supply chain hack could end up worse than SolarWinds. Of similar modeling, in terms of style of spreading malicious code.
Bad 4th of July for lots of people.
No ransomware stalemate with Russia, it seems. https://t.co/FXHgeoEqwM
— Molly McKew (@MollyMcKew) July 3, 2021
“It is absolutely the biggest non-nation-state supply-chain cyberattack that we’ve ever seen,” said Allan Liska, a researcher with the cybersecurity firm Recorded Future.
The Post reported that ransom notes of $50,000 were being sent to smaller businesses while larger ones were being told to pay $5 million to get their systems back.
John Hammond, a researcher at the cybersecurity firm Huntress Labs, said at least 1,000 businesses were hit, according to Bloomberg.
“Based on a combination of the service providers reaching out to us for assistance along with the comments we’re seeing in the thread we are tracking on our Reddit, it’s reasonable to think this could potentially be impacting thousands of small businesses,” he said.
“We’re not sure it’s the Russians,” he said. “The initial thinking was, it was not the Russian government, but we’re not sure yet.”
American businesses were not the only targets. In Sweden, grocery chain Coop could not open its stores because its cash registers were hit by the attack.
There are victims in 17 countries so far, including the United Kingdom, South Africa, Canada, Argentina, Mexico and Spain, Aryeh Goretsky, a researcher at the cybersecurity firm ESET, told Bloomberg.
In a ransomware attack, hackers encrypt computer files and then demand payment to unlock them.
This marks a serious escalation just weeks after Putin-Biden summit on ransomware. Not only is this a supply chain attack on MSPs; they broke in via a zero day, a significant advance for REvil which has traditionally compromised victims through usual means of phishing, etc. https://t.co/FM3EBS3cI2
— Nicole Perlroth (@nicoleperlroth) July 3, 2021
Kaseya Ltd., a Miami-based software developer, was attacked. Hackers used its network to attack other businesses.
The New York Times reported that the hackers hijacked an update from Kaseya, so that when users installed it, they installed ransomware.
The Times reported that Kaseya has about 40,000 customers.
“What makes this attack stand out is the trickle-down effect, from the managed service provider to the small business,” Hammond said. “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business.”