Scale, details of massive Kaseya ransomware attack emerge
Source: AP
By FRANK BAJAK
BOSTON (AP) Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit.
An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said.
REvil was demanding ransoms of up to $5 million, the researchers said. But late Sunday it offered in a posting on its dark web site a universal decryptor software key that would unscramble all affected machines in exchange for $70 million in cryptocurrency.
Earlier, the FBI said in a statement that while it was investigating the attack its scale "may make it so that we are unable to respond to each victim individually." Deputy National Security Advisor Anne Neuberger later issued a statement saying President Joe Biden had "directed the full resources of the government to investigate this incident" and urged all who believed they were compromised to alert the FBI.
FILE - This Feb 23, 2019, file photo shows the inside of a computer in Jersey City, N.J. (AP Photo/Jenny Kane, File)
Read more: https://apnews.com/article/joe-biden-europe-government-and-politics-technology-business-fc0df4c42f8cd6148bf936ca24bb5cbe
lonely bird
(1,676 posts)
The only potentially secure networks/computers are those that do not interact with the internet at all.
ancianita
(35,933 posts)
as reviewed by Slashdot.
https://it.slashdot.org/story/21/07/05/0210241/worlds-single-biggest-ransomware-attack-hit-thousands-in-17-countries
-- from the AP: "The attack comes less than a month after Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the U.S. deems a national security threat."
-- Bleeping Computer notes the exploited vulnerability "had been previously disclosed to Kaseya by security researchers from the Dutch Institute for Vulnerability Disclosure (DIVD), and Kaseya was validating the patch before they rolled it out to customers."
-- In a statement today, DIVD posted that "During the last 48 hours, the number of Kaseya VSA instances that are reachable from the internet has dropped from over 2,200 to less than 140 in our last scan today... A good demonstration of how a cooperative network of security-minded organizations can be very effective during a nasty crisis."
lagomorph777
(30,613 posts)
No, these people are Putin's employees.
Let's give 'em a little kinetic reminder not to fuck with us.
ancianita
(35,933 posts)
AP wording, not our government's. I'm sure Joe knows but can't tell us all that he's got proof, and so media uses that lingo.
He knows we've got retaliatory power, too, but that's all classified.
By the time we're spent from outrage over the problem and the attackers, and the doubt is spread around about "wtf are we doing about this!" our cyber guys have already done damage to their systems because some battles can't be in the public domain, or even reported on later. Drama, as we know from tfg, is destabilizing on lots of levels.
lagomorph777
(30,613 posts)
Maybe quietly drain all their bank accounts and shut off their electricity.
ancianita
(35,933 posts)
Yeah. Hit those accounts and get our own money back.
Yo_Mama_Been_Loggin
(107,741 posts)
Russia-linked hackers suspected in this weekend's mass attack on software provider Kaseya, which could affect thousands of companies worldwide, demanded $70 million to restore data they are holding for ransom, Reuters reports.
Why it matters: The hack is the latest and most dramatic in a series of high-profile ransomware attacks this year, exposing the pandemic-style threat that this type of cybercrime poses to companies and governments around the world.
Details: Hundreds of companies were directly hit by the supply-chain attack on Kaseya's VSA software, which provides IT services to small and medium-sized businesses, according to CNET. At least 36,000 companies were indirectly impacted.
The Coop, one of Sweden's largest grocery chains, had to close 800 of its stores, according to the New York Times.
https://www.yahoo.com/news/kaseya-hackers-demand-70-million-125138084.html
Javaman
(62,503 posts)
It's only now that the attackers (Russia, Iran, China and North Korea) have gotten openly brazen about it.
Have you noticed after the SolarWinds hack the black hats suddenly came out in the open?
They got all that info about where to hack, when to hack and who to hack. It will only get worse.
Don't get me wrong, we are attacking right back, but after SolarWinds we are playing catch-up.
I wrote once here on DU after the SolarWinds hack that it was the equivalent of Pearl Harbor, 9/11 and the Tet Offensive (plus anything else you want to include), all rolled into one.
And here we are. This is how the bad actors of the world attack us now. They know they can't go after us militarily per se, so they go after us this way.
As long as the public isn't directly affected, they know people won't give a damn. That is, until they have to.
Take down a grid, stop fuel shortages, stop supply lines and food deliveries; have all happened in one way shape or form on a small scale.
They are probing the lines, looking for weaknesses and seeing how we react.
Like I said, this shit is only going to get worse.
stillcool
(32,626 posts)
aren't going to be of any use. The world gets smarter, and the U.S. gets more guns.
There are those in the Gov't that are actively trying to respond to these attacks, but our mode of thinking (right wing congress and a few Dems) is still stuck in the 1950s-60s military logic.
It's going to be an uphill battle for a while.
nitpicker
(7,153 posts)
Kaseya says up to 1,500 businesses compromised in massive ransomware attack
By Alex Marquardt, CNN Business
Updated 4:08 AM ET, Tue July 6, 2021
(CNN Business) Software vendor Kaseya says that between 800 and 1,500 businesses have been compromised by the recent ransomware attack that has ricocheted around the world.
Kaseya said in a statement on Monday that approximately 50 of its direct customers were breached in the attack that began to unfold on Friday. But hundreds more companies were affected because many of Kaseya's customers provide IT services to small businesses such as restaurants and accounting firms.
(snip)
Kaseya said that it has met with US government agencies including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). It said it had also engaged with the White House and cybersecurity firm FireEye Mandiant.
The White House on Sunday urged companies who believe their systems were compromised in the ransomware attack that targeted Kaseya to immediately report it to the Internet Crime Complaint Center.
(snip)