A group of Russian-speaking hackers has claimed responsibility for a massive ransomware attack over the holiday weekend that hit 200 U.S. companies and hundreds more worldwide, with the group demanding $70 million in bitcoin to restore the companies’ data in the latest debilitating cyberattack to hit the U.S. this year.
Hackers breached Kaseya
The ransom demand was published on Sunday on a blog normally used by REvil, a major Russian-speaking ransomware group that recently extorted $11 million from the world’s largest meat processor, JBS, after wiping out one fifth of U.S. beef production. Hackers targeted software supplier Kaseya and penetrated cloud-service providers by going through its network management system.
The hack has affected at least 200 U.S. firms and shuttered hundreds of Swedish supermarkets over the weekend after the hackers breached Kaseya, a Miami-based IT firm, and used that access to break into its clients’ systems.
Sophisticated ransomware gangs on REvil’s level usually examine a victim’s financial records — and insurance policies if they can find them — from files they steal before activating the ransomware.
Who was affected by the new hack?
Kaseya says just a few dozen of its customers were directly affected by the attack, but knock-on effects have brought down firms in 17 countries including the US and the UK – with one expert saying the attack is ‘unprecedented’ in its scale and sophistication.
Swedish grocery stores, schools in New Zealand, and two major Dutch IT firms were among the victims of hacking group REvil, which launched its attack on Friday after breaching the systems of US-based software firm Kaseya.
Swedish grocery chain Coop was forced to close all 800 of its stores on Sunday and said they would remain shut on Monday after its tills were affected.
The country’s national rail operator and public broadcaster SVT were also affected.
In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised.
Also among reported victims were two big Dutch IT services companies – VelzArt and Hoppenbrouwer Techniek.
But most victims are believed to be small to medium-sized businesses and public services that are unlikely to announce they have been infected – such as dental practices, architecture firms, plastic surgery centers, and libraries.
What now?
Joe Biden, who last month warned President Putin to take action against hacking groups targeting the US from Russia, said the FBI is investigating the latest hack and he will take action if Moscow is deemed to be responsible.
Analysts said it is no coincidence that the latest attack coincided with the July 4 weekend, when companies would be under-staffed and less able to respond.
Deputy National Security Advisor Anne Neuberger later issued a statement saying President Joe Biden had ‘directed the full resources of the government to investigate this incident’ and urged all who believed they were compromised to alert the FBI.
The president told reporters Saturday that it is not yet clear who is behind the latest cybersecurity breach to strike American businesses but insisted that he ‘will respond’ if it is tied to Russian President Vladimir Putin.
He added: ‘If it is either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond.’
If you know someone who has been affected by this tragedy, please let them know that we can help them if needed.
Has your firm been affected? Contact us now.