Weeks after the world's largest meat supplier, JBS, paid $11 million after a ransomware attack, the biggest global ransomware attack was reported over the long weekend of the 4th of July. The details of the scale of the attack are still emerging after initial reports confirmed that thousands of users were affected in over 17 countries.
The recent attack was targeted at Miami-based Kaseya, a remote IT management software and services provider. While Kaseya claimed that only 50-60 of its customers were affected, most of these users were actually managed services providers (MSPs).
These are companies that use Kaseya's infrastructure and software to provide IT management services to other companies that do not want to handle IT-related tasks such as backing up data, applying security updates and installing software. In cyber-security terms, this is called a supply chain attack.
Previously: SolarWinds
The domino effect of such a system is that, by infecting the source of all software, the hackers have managed to infect almost all of its users in its wake. Last year, a similar attack on SolarWinds, allegedly supported by Russia, gave the attackers access to data from multiple US agencies. However, that attack was aimed at spying and did not have a ransom demand associated with it.
Since the attack happened on the long weekend, when most offices were lightly staffed, experts say that the true impact of the attack will only be revealed by Tuesday or Wednesday, when people return to their offices.
Kaseya said that the attack affected customers who had servers installed on their own premises, while its cloud services were unaffected. It had sent out a detection tool to over 900 users and was asking users to shut down their servers.
The cause of the initial breach is still unclear. However, the company says it is working towards a patch to fix the vulnerability, which will be available soon.
The hackers behind this attack, REvil, initially demanded $5 million, but have now increased it to $70 million in cryptocurrency in return for blanket decryption for all. The Federal Bureau of Investigation has also begun its investigations.
US agencies believe that most ransomware gangs are based in Russia and operate with state support. Last month, President Joe Biden pressed Vladimir Putin to stop offering safe haven to REvil and other cybergangs that offer ransomware-as-a-service.