Scale, details of massive Kaseya ransomware attack emerge

US cybersecurity teams worked feverishly Sunday (US time) to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit.

An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said. They reported ransom demands of up to US$5 million.

The FBI said in a statement Sunday that it was investigating the attack along with the federal Cybersecurity and Infrastructure Security Agency, though “the scale of this incident may make it so that we are unable to respond to each victim individually”.

President Joe Biden suggested Saturday the US would respond if it was determined that the Kremlin is at all involved. He said he had asked the intelligence community for a “deep dive” on what happened.

The attack comes less than a month after Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs whose unrelenting extortionate attacks the US deems a national security threat.

A broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos reported. Ransomware criminals break into networks and sow malware that cripples networks on activation by scrambling all their data. Victims get a decoder key when they pay up.

The Swedish grocery chain Coop said most of its 800 stores would be closed for a second day Sunday because their cash register software supplier was crippled. A Swedish pharmacy chain, gas station chain, the state railway and public broadcaster SVT were also hit.

In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised, the news agency dpa reported. Also among reported victims were two big Dutch IT services companies — VelzArt and Hoppenbrouwer Techniek. Most ransomware victims don’t publicly report attacks or disclose if they’ve paid ransoms.

CEO Fred Voccola of the breached software company, Kaseya, estimated the victim number in the low thousands, mostly small businesses like “dental practices, architecture firms, plastic surgery centers, libraries, things like that.”

Voccola said in an interview that only between 50 and 60 of the company’s 37,000 customers were compromised. But 70 per cent were managed service providers who use the company’s hacked VSA software to manage multiple customers. The software automates the installation of software and security updates and manages backups and other vital tasks.

Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing US offices would be lightly staffed. Many victims may not learn of it until they are back at work on Monday. The vast majority of end customers of managed service providers “have no idea” what kind of software is used to keep their networks humming, said Voccola.

Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.

John Hammond of Huntress Labs, one of the first cybersecurity firms to sound the alarm on the attack, said he’d seen $5 million and $500,000 demands by REvil for the decryptor key needed to unlock scrambled networks. The smallest amount demanded appears to have been $45,000.

Sophisticated ransomware gangs on REvil’s level usually examine a victim’s financial records — and insurance policies if they can find them — from files they steal before activating the data-scrambling malware. The criminals then threaten to dump the stolen data online unless paid. It was not immediately clear if this attack involved data theft, however. The infection mechanism suggests it did not.

“Stealing data typically takes time and effort from the attacker, which likely isn’t feasible in an attack scenario like this where there are so many small and mid-sized victim organizations,” said Ross McKerchar, chief information security officer at Sophos. “We haven’t seen evidence of data theft, but it’s still early on and only time will tell if the attackers resort to playing this card in an effort to get victims to pay.”

Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a “zero day,” the industry term for a previously unknown security hole in software. Voccola would not confirm that or offer details of the breach — except to say that it was not phishing.

“The level of sophistication here was extraordinary,” he said.

When the cybersecurity firm Mandiant finishes its investigation, Voccola said he is confident it will show that the criminals didn’t just violate Kaseya code in breaking into his network but also exploited vulnerabilities in third-party software.

It was not the first ransomware attack to leverage managed services providers. In 2019, criminals hobbled the networks of 22 Texas municipalities through one. That same year, 400 US dental practices were crippled in a separate attack.

One of the Dutch vulnerability researchers, Victor Gevers, said his team is worried about products like Kaseya’s VSA because of the total control of vast computing resources they can offer. “More and more of the products that are used to keep networks safe and secure are showing structural weaknesses,” he wrote in a blog Sunday.

The cybersecurity firm ESET identified victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.

Kaseya says the attack only affected “on-premise” customers, organisations running their own data centres, as opposed to its cloud-based services that run software for customers. It also shut down those servers as a precaution, however.

Kaseya, which called on customers Friday to shut down their VSA servers immediately, said Sunday it hoped to have a patch in the next few days.

Active since April 2019, REvil provides ransomware-as-a-service, meaning it develops the network-paralysing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms. US officials say the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.

Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said that while he does not believe the Kaseya attack is Kremlin-directed, it shows that Putin “has not yet moved” on shutting down cybercriminals.
