A ransomware attack on international IT firm Kaseya this week targeted multiple businesses that rely on the company as a managed service provider (MSP). According to the company’s CEO Fred Voccola, small concerns, like dental practices, architecture firms, plastic surgery centers, and libraries, are the kinds of businesses affected.
There are reports of victims spread across at least 17 countries. In Sweden, for example, hundreds of supermarket stores operated by the Swedish Coop were forced to close when their checkouts stopped working.
Each company has received a ransom demand, with the amount calculated per machine shut down by the attack.
At first, Kaseya thought a few hundred companies were contacted, but it now admits the numbers are in the thousands. As a result, the attackers moved the goalposts, demanding a single ransom of $70 million in Bitcoin from Kaseya to release all machines. But on realizing the smaller size of many of the businesses involved, they adjusted their demand to $50 million.
The group behind the attack, REvil, is a Russian-linked organized crime gang. We reported back in May on a ransomware supply-chain attack that halted U.S. meat production. REvil was behind that attack — which netted them an $11 million ransom payment. The group made $100 million in 2020 conducting similar attacks.
REvil's ransomware encrypts company files and disrupts working devices, including payment machines, and the group refuses to release them until the ransom is paid.
Wired describes REvil’s form of attack as “… if you successfully hack an MSP, you suddenly have access to its customers. It’s the difference between cracking safe deposit boxes one at a time and stealing the bank manager’s skeleton key.”
REvil previously targeted an MSP in 2019, using a third-party IT company to hijack 22 Texas municipalities all at once — multiplying the potential ransoms that can be paid out.
Of some concern to authorities is that the latest pattern of attacks shows REvil and other organized crime hacker groups clearly moving towards what is known as the “double extortion” technique. If a company holds out on the initial ransom, the attackers make a second threat: to release the stolen information in underground forums and blog sites.
In other news
- Big Tech chiefs sign UN agreement to protect women online. At the UN Generation Equality Forum in Paris this week, Facebook, Google, TikTok, and Twitter made more substantial commitments to battle online abuse and improve women’s safety on their platforms. Responding to an open letter from the Web Foundation addressed to the four CEOs and signed by more than 200 prominent figures urging action, Engadget reports women will benefit from promises to improve content curation tools. There are to be more granular settings over who sees, comments on, replies to, or shares your posts. Reporting online abuse is to be made simpler, and companies promise women will be able to track and monitor reports they file. According to the letter, 38% of women report receiving abuse when online. Signatories included actors Emma Watson and Gillian Anderson, ex-Australian prime minister Julia Gillard, UK Members of Parliament Diane Abbott and Jess Phillips, and Creative Commons CEO Catherine Stihler.
- Flying car … flies! You may remember Scaramanga’s daring escape in a flying car in the James Bond film, The Man with the Golden Gun (1974)? In another case of art becoming life, a flying car made its first intercity flight over Slovakia this week. The Air Car, a creation of Klein Vision, has been in the making for 30 years. Professor Stephan Klein, the hybrid car’s inventor, simply clicked a button upon landing to tuck the wings in, and three minutes later, drove the car home. According to Morgan Stanley predictions, the flying car with a ‘license to thrill’ has a future market value of $1.5 trillion by 2040.
- Data of 700 million LinkedIn users posted on hacker forum for sale. Restore Privacy recently discovered that for $5,000 any interested party can buy the data of almost all of LinkedIn’s users. LinkedIn claims it is data that is commonly scraped from the web about those who use LinkedIn, but the hacker, contacted by Restore Privacy, stated the data was exfiltrated after a hack into LinkedIn’s API (application programming interface). Restore Privacy advises platform users to watch out for phishing, social engineering approaches, hacked accounts, and identity theft. Users should change their passwords and enable multi-factor authentication on any social media accounts linked to LinkedIn.
Tip of the week
Our thoughts are with everyone affected by the REvil cyber-attack and this volatile situation. If you’ve been targeted by this attack or are not sure, there’s advice on checking over and securing your systems from the U.S. government here.
It’s worrying how quickly unscrupulous hackers can target your company. If you’re looking for help with website security, server security, or advice on protecting your business from cyberattacks, Namecheap offers lots of free tips and ideas on our blog.
If you wish to understand more about website security, our security pages explain how different products from Namecheap protect a domain.
[News] Ransomware attacks on 1000+ smaller businesses