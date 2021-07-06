
Kaseya hack floods hundreds of companies with ransomware

Zack Whittaker

On Friday, a flood of ransomware hit hundreds of companies around the world. A grocery store chain, a public broadcaster, schools, and a national railway system were all hit by the file-encrypting malware, causing disruption and forcing hundreds of businesses to close.

The victims had something in common: a key piece of network management and remote control software developed by U.S. technology firm Kaseya. The Miami-headquartered company makes software used to remotely manage a company's IT networks and devices. That software is sold to managed service providers — effectively outsourced IT departments — which they then use to manage the networks of their customers, often smaller companies.

But hackers associated with the Russia-linked REvil ransomware-as-a-service group are believed to have used a never-before-seen security vulnerability in the software's update mechanism to push ransomware to Kaseya's customers, which in turn spread downstream to their customers. Many of the companies who were ultimately victims of the attack may not have known that their networks were monitored by Kaseya's software.
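Nothing on this page describes the internals of Kaseya's update channel, and the example below is neither Kaseya's code nor the attackers' technique. It is an added illustration, in Go, of the property an endpoint agent needs so that a vendor-to-MSP-to-customer chain like the one described above does not let whoever controls the management server push arbitrary code: every update carries a signature from a vendor release key that the relaying server never holds, bound to both the version number and the payload hash. The type and function names (`Agent`, `SignUpdate`, `Scenario`) and the payload strings are assumptions made for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is what a management server relays to an endpoint agent.
// The signature is produced by the vendor's release key, which the
// relaying server never holds (assumed design, not Kaseya's).
type Update struct {
	Version   uint64
	Payload   []byte // the executable or script the agent would run
	Signature []byte // ed25519 over signedBytes(Version, sha256(Payload))
}

// signedBytes binds the version to the payload digest so a relay can
// neither swap the payload nor replay an old version under a new number.
func signedBytes(version uint64, payload []byte) []byte {
	digest := sha256.Sum256(payload)
	buf := make([]byte, 8, 8+len(digest))
	binary.BigEndian.PutUint64(buf, version)
	return append(buf, digest[:]...)
}

// SignUpdate runs in the vendor's release pipeline with the offline key.
func SignUpdate(priv ed25519.PrivateKey, version uint64, payload []byte) Update {
	return Update{
		Version:   version,
		Payload:   payload,
		Signature: ed25519.Sign(priv, signedBytes(version, payload)),
	}
}

// Agent is the endpoint side: it pins the vendor's public key and
// remembers the last version it installed.
type Agent struct {
	VendorKey        ed25519.PublicKey
	InstalledVersion uint64
}

var (
	ErrBadSignature = errors.New("update rejected: not signed by vendor key")
	ErrRollback     = errors.New("update rejected: version not newer than installed")
)

// Apply accepts an update only if the vendor signature verifies over the
// version and payload digest, and the version moves forward. A compromised
// management server that merely relays updates therefore cannot push its
// own code unless it also obtains the vendor's signing key.
func (a *Agent) Apply(u Update) error {
	if !ed25519.Verify(a.VendorKey, signedBytes(u.Version, u.Payload), u.Signature) {
		return ErrBadSignature
	}
	if u.Version <= a.InstalledVersion {
		return ErrRollback
	}
	a.InstalledVersion = u.Version
	// A real agent would install u.Payload here.
	return nil
}

// Scenario walks through the cases a practitioner cares about: a genuine
// vendor-signed update, the same update with its payload swapped by the
// relay, an update signed with a key the relay itself controls, and a
// replay of an already-installed version. Payloads are constructed strings.
func Scenario() (genuine, tampered, rogue, replay error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	_, serverPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	agent := &Agent{VendorKey: vendorPub, InstalledVersion: 41}

	good := SignUpdate(vendorPriv, 42, []byte("agent v42 installer"))
	genuine = agent.Apply(good)

	// Relay keeps the vendor signature but substitutes the payload.
	swapped := good
	swapped.Version = 43
	swapped.Payload = []byte("encrypt-everything.exe")
	tampered = agent.Apply(swapped)

	// Relay signs its own payload with a key it controls.
	rogue = agent.Apply(SignUpdate(serverPriv, 44, []byte("encrypt-everything.exe")))

	// Relay re-sends the genuine v42 after it was already installed.
	replay = agent.Apply(good)
	return
}

func main() {
	genuine, tampered, rogue, replay := Scenario()
	fmt.Println("genuine:", genuine)
	fmt.Println("tampered:", tampered)
	fmt.Println("rogue:", rogue)
	fmt.Println("replay:", replay)
}
```

The check only moves the trust boundary: it stops a compromised or impersonated management server from becoming a code-execution channel, but it does nothing if the vendor's own signing key or build pipeline is taken, and it says nothing about the separate question of how the servers themselves were broken into.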

Kaseya warned customers on Friday to "IMMEDIATELY" shut down their on-premise servers, and its cloud service — though not believed to be affected — was pulled offline as a precaution.

"[Kaseya] showed a genuine commitment to do the right thing. Unfortunately, we were beaten by REvil in the final sprint." Security researcher Victor Gevers

John Hammond, senior security researcher at Huntress Labs, a threat detection firm that was one of the first to reveal the attack, said about 30 managed service providers were hit, allowing the ransomware to spread to "well over" 1,000 businesses. Security firm ESET said it knows of victims in 17 countries, including the U.K., South Africa, Canada, New Zealand, Kenya, and Indonesia.

Now it's becoming clearer just how the hackers pulled off one of the biggest ransomware attacks in recent history.

Dutch researchers said they found several zero-day vulnerabilities in Kaseya's software as part of an investigation into the security of web-based administrator tools. (Zero-days are so named because they give the vendor zero days to fix the problem before it is exploited.) The bugs were reported to Kaseya and were in the process of being fixed when the hackers struck, said Victor Gevers, who heads the group of researchers, in a blog post.

Kaseya's chief executive Fred Voccola told The Wall Street Journal that its corporate systems were not compromised, lending greater credence to the working theory by security researchers that servers run by Kaseya's customers were compromised individually using a common vulnerability.

The company said that all servers running the affected software should stay offline until the patch is ready. Voccola told the paper that it expects patches to be released by late Monday.

The attack began late Friday afternoon, just as millions of Americans were logging off into the long July 4 weekend. Adam Meyers, CrowdStrike's senior vice president of intelligence, said the attack was carefully timed.

"Make no mistake, the timing and target of this attack are no coincidence. It illustrates what we define as a Big Game Hunting attack, launched against a target to maximize impact and profit through a supply chain during a holiday weekend when business defenses are down," said Meyers.

A notice posted over the weekend on a dark web site known to be run by REvil claimed responsibility for the attack, and that the ransomware group would publicly release a decryption tool if it is paid $70 million in bitcoin.

"More than a million systems were infected," the group claims in the post.


  • Scale, details of massive Kaseya ransomware attack emerge

    Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit. An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said. REvil was demanding ransoms of up to $5 million, the researchers said.

  • Ransomware Group REvil Strikes Again, Demands $70M in Bitcoin From 200 US Firms

    The Russian-based ransomware group is now demanding bitcoin in exchange for a decrypter for the infected machines.

  • More than 1,000 businesses worldwide were hit by this weekend’s ransomware attack

    A breach at IT services company Kaseya has led to more than 1,000 businesses becoming infected with ransomware over the US July 4 holiday weekend.

  • Kaseya hackers demand $70 million in massive ransomware attack

    Russia-linked hackers suspected in this weekend's mass attack on software provider Kaseya, which could affect thousands of companies worldwide, demanded $70 million to restore data they are holding for ransom, Reuters reports. Why it matters: The hack is the latest and most dramatic in a series of high-profile ransomware attacks this year, exposing the pandemic-style threat that this type of cybercrime poses to companies and governments around the world.

  • Hacking gang says it has locked a million devices and wants $70m in Bitcoin to unlock them

    Russia-connected hacking group REvil appeared to launch its crime spree on Friday

  • Biden orders probe of latest ransomware attack

    U.S. President Joe Biden on Saturday directed U.S. intelligence agencies to investigate a cyber attack that has affected hundreds of American businesses. The hackers, who struck on Friday, hijacked widely-used tech management software from Miami-based supplier Kaseya. The hackers pushed a malicious update, which spread worldwide on Saturday and has quickly become one of the largest ransomware attacks in history. While on tour to promote a vaccination program, Biden was asked if the hack was linked to Russia. "First of all, we're not sure who it is for certain. Number one. And what I did, I've directed the full resources of the government to assist in a response... The fact is that the director of the intelligence community gave me a deep dive on what's happened and I'll know better tomorrow. And if it is either or the knowledge of or the consequence of Russia, then I told Putin, we will respond." Last month, the FBI blamed Russia-linked ransomware gang REvil for hacking an American meatpacking company. One security firm, Huntress Labs, believes the same group is to blame for the latest attack. The firm said it was tracking the eight service providers used to infect some 200 clients. Meanwhile, Kaseya also launched its own supply chain investigation, with the help of top U.S. cyber officials. Biden urged Russian President Vladimir Putin last month to crack down on cyber hacks coming from his country and warned of consequences if they continued.

  • REvil Strikes Again. Bitcoin And The Ransomware Problem

    Russia-based hacking group REvil attacked over 200 US networks and demanded $70 million in Bitcoin as ransom.

  • Coop, other ransomware-hit firms, could take weeks to recover, say experts

    Computer systems of several companies across the world, including 800 physical grocery stores of Sweden's Coop, that were shut down after attacked by REvil ransomware could take weeks to recover, cyber security experts said. Hackers from the REvil cybercrime gang compromised systems of IT firm Kaseya and malware trickled down to its resellers and reached end customers such as Coop who used its software. The ransomware locked data in encrypted files and late on Sunday hackers demanded $70 million to restore the data.

  • Ransomware attack leaves companies scrambling

    Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record. (July 4)

