REvil ransomware group strikes again with attack on hundreds of companies right before long holiday weekend
- REvil launched a ransomware attack on Friday that may have impacted hundreds of companies.
- The group targeted IT management software provider Kaseya VSA in what's known as a supply-chain attack.
- REvil most recently attacked meat supplier JBS and received an $11 million payment from the company.
Just ahead of the long holiday weekend in the US, Russian-based REvil launched a
In what's being called the "largest and most significant" ransomware attack to date by Emsisoft threat analyst Brett Callow, REvil targeted IT management software provider Kaseya VSA in what's known as a supply-chain attack.
The attack on Kaseya appears to have spread to hundreds of its end users, but given the timing of the attack, the full extent of the damage may not be known until next Tuesday as employees return to the office following the long 4th of July weekend.
REvil, which is a Russian-linked criminal
After learning of the attack on Friday, Kaseya shut down its servers and began warning its customers, according to a company statement.
"While our early indicators suggested that only a very small number of on-premises customers were affected, we took a conservative approach in shutting down the SaaS servers to ensure we protected our more than 36,000 customers to the best of our ability," the company said, adding that it believes fewer than 40 of its customers were affected.
But many of Kaseya's customers are service providers that in turn have hundreds of customers who could have been infected with the ransomware.
"This is SolarWinds, but with ransomware. When a single MSP is compromised, it can impact hundreds of end users. And in this case it seems that multiple MSPs have been compromised," Callow told Wired.
While the US government strongly discourages businesses from paying the ransom demands, many businesses have no choice as the encrypted data is essential to keep operations running. The hackers honor the terms of their ransom because they want to build credibility that paying the fee will in fact get victims their data back.
The US Cybersecurity and Infrastructure Security Agency said on Twitter it is "taking action to understand and address the supply-chain ransomware attack" against Kaseya VSA.
Al Saikali, partner at law firm Shook, Hardy & Bacon LLP, told The Wall Street Journal that ransom demands in six Kaseya-related attacks it is consulting on range from $25,000 to $150,000. But for large service providers impacted by the attack, the ransom demands have been as high as $5 million.
Assuming REvil's ransomware attack has compromised hundreds of companies, now the question is "how many simultaneous negotiations REvil can handle and whether companies that want to pay may face delays," according to Callow.