
Keystone Nevada Korner

Welcome to The Keystone Korner The Official Blog of Keystone Nevada


At least 17 nations hit by record ransomware attack

July 5, 2021 by Pauline Lee

By Frank Bajak The Associated Press, July 4, 2021

BOSTON — Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit.

An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said.

REvil was demanding ransoms of up to $5 million, the researchers said. But late Sunday it offered in a posting on its dark web site a universal decryptor software key that would unscramble all affected machines in exchange for $70 million in cryptocurrency.

Earlier, the FBI said in a statement that while it was investigating the attack, its scale “may make it so that we are unable to respond to each victim individually.” Deputy National Security Advisor Anne Neuberger later issued a statement saying President Joe Biden had “directed the full resources of the government to investigate this incident” and urged all who believed they were compromised to alert the FBI.

Biden suggested Saturday the U.S. would respond if it was determined that the Kremlin is at all involved.

Less than a month ago, Biden pressed Russian President Vladimir Putin to stop giving safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the U.S. deems a national security threat.

A broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos reported. Ransomware criminals infiltrate networks and sow malware that cripples them by scrambling all their data. Victims get a decoder key when they pay up.

800 Swedish stores closed

The Swedish grocery chain Coop said most of its 800 stores would be closed for a second day Sunday because their cash register software supplier was crippled. A Swedish pharmacy chain, gas station chain, the state railway and public broadcaster SVT were also hit.

In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised, the news agency dpa reported. Also among reported victims were two big Dutch IT services companies — VelzArt and Hoppenbrouwer Techniek. Most ransomware victims don’t publicly report attacks or disclose if they’ve paid ransoms.

CEO Fred Voccola of the breached software company, Kaseya, estimated the victim number in the low thousands, mostly small businesses like “dental practices, architecture firms, plastic surgery centers, libraries, things like that.”

Voccola said in an interview that only between 50 and 60 of the company’s 37,000 customers were compromised. But 70% were managed service providers who use the company’s hacked VSA software to manage multiple customers. It automates the installation of software and security updates and manages backups and other vital tasks.

Experts: Timing not an accident

Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing U.S. offices would be lightly staffed. Many victims may not learn of it until they are back at work on Monday. Most end users of managed service providers “have no idea” whose software keeps their networks humming, said Voccola.

Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.

$70M ransom

REvil’s offer of blanket decryption for all victims of the Kaseya attack in exchange for $70 million suggested its inability to cope with the sheer quantity of infected networks, said Allan Liska, an analyst with the cybersecurity firm Recorded Future. Although analysts reported seeing demands of $5 million and $500,000 for bigger targets, it was apparently demanding $45,000 for most.

“This attack is a lot bigger than they expected and it is getting a lot of attention. It is in REvil’s interest to end it quickly,” said Liska. “This is a nightmare to manage.”

Analyst Brett Callow of Emsisoft said he suspects REvil is hoping insurers might crunch the numbers and determine the $70 million will be cheaper for them than extended downtime.

Sophisticated ransomware gangs on REvil’s level usually examine a victim’s financial records — and insurance policies if they can find them — from files they steal before activating the ransomware. The criminals then threaten to dump the stolen data online unless paid. In this attack, that appears not to have happened.

Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a “zero day,” the industry term for a previously unknown security hole in software. Voccola would not confirm that or offer details of the breach — except to say that it was not phishing.

“The level of sophistication here was extraordinary,” he said.

When the cybersecurity firm Mandiant finishes its investigation, Voccola said he is confident it will show that the criminals didn’t just violate Kaseya code in breaking into his network but also exploited vulnerabilities in third-party software.

It was not the first ransomware attack to leverage managed services providers. In 2019, criminals hobbled the networks of 22 Texas municipalities through one. That same year, 400 U.S. dental practices were crippled in a separate attack.

Structural weakness

One of the Dutch vulnerability researchers, Victor Gevers, said his team is worried about products like Kaseya’s VSA because of the total control of vast computing resources they can offer. “More and more of the products that are used to keep networks safe and secure are showing structural weaknesses,” he wrote in a blog Sunday.

The cybersecurity firm ESET identified victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.

Kaseya says the attack only affected “on-premise” customers, organizations running their own data centers, as opposed to its cloud-based services that run software for customers. It also shut down those servers as a precaution, however.

Kaseya, which called on customers Friday to shut down their VSA servers immediately, said Sunday it hoped to have a patch in the next few days.

Active since April 2019, REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms. U.S. officials say the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.

Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said that while he does not believe the Kaseya attack is Kremlin-directed, it shows that Putin “has not yet moved” on shutting down cybercriminals.
