Ransomware group attacks software provider

Ransomware group attacks software provider | Insurance Business

A ransomware attack carried out Saturday affected thousands of businesses around the world as the hackers targeted an international software provider.

While the exact number of businesses affected by the cyberattack has yet to be determined, cybersecurity researchers anticipate that the attack on software supplier Kaseya could be one of the broadest ransomware attacks on record.

Cybersecurity firm ESET also revealed that victims of the attack were from at least 17 countries, including Canada, Argentina, Germany, Kenya, Mexico, South Africa, and the UK.

CBC News reported that the attack was carried out by the REvil gang, a Russian-speaking ransomware group. The group abused Kaseya’s network-management package as a conduit to spread the malware through cloud-service providers.

Threat intelligence firm Team Cymru also said that the ransomware attack was deliberately timed to coincide with the 4th of July celebrations in the US. Kaseya is based in Dublin, but has a US headquarters in Miami.

Meanwhile, Emsisoft has noted that some of the affected victims appear to be getting ransom demands from the hackers, set at US$45,000. While that is relatively small compared to the amounts REvil has previously demanded, the cybersecurity firm noted that it adds up when considering the potential number of victims.

In a statement, Kaseya CEO Fred Voccola said that the company has identified the source of the vulnerability and will soon release a patch to address it. The CEO also said that fewer than 40 of its customers were known to be affected.

Experts, however, warn that the malware could still be affecting hundreds more companies that rely on Kaseya’s clients, which offer broader IT services.

Kaseya manages a virtual system administrator (VSA), which is used to remotely manage and monitor a customer’s network. The company has advised all its clients to shut down VSA servers immediately – a decision the US Cybersecurity and Infrastructure Security Agency has urged everyone to follow.

REvil was responsible for the cyberattack on meat processing company JBS in June. The attack was so debilitating that the company had to put its US, Canadian, and Australian operations on hold until it finally paid a ransom of US$11 million to the attackers.