Major ransomware victim working on patch as REvil cybercriminal gang


Software company Kaseya said on Tuesday that it has found a solution to the vulnerability that the cybercrime gang REvil exploited in one of the largest global ransomware attacks to date. The cyber gang is demanding $70 million to free the systems of hundreds of businesses it holds hostage.

Kaseya planned to bring its servers back online Tuesday afternoon and to make the patch available to in-house customers within 24 hours after the servers are back online, according to the company. The company said it is testing the proposed solution.

“Our global teams are working around the clock to get our customers back up and running,” Kaseya CEO Fred Voccola said in a statement on the company’s website. “We understand that their closure is affecting their livelihoods every second, so we are working hard to resolve this issue.”

White House press secretary Jen Psaki said on Tuesday that senior US national security officials had spoken to “senior Russian officials” about the attack, but the Biden administration had not pinpointed full responsibility. Ms Psaki said the REvil gang “has affiliates around the world” and the US Intelligence Community “has not yet fully attributed the attack.”

According to the software company, which is headquartered in Miami and Ireland, the REvil ransomware attack on Kaseya affected fewer than 1,500 businesses downstream of 60 customers using Kaseya products. The victims are located in 17 different countries and include many small businesses.

According to cybersecurity researchers, the gang appears to have demanded payments ranging from thousands to millions of dollars. Late on Sunday, REvil asked for $70 million in cryptocurrency in exchange for a tool that would release all the held files in less than an hour.

Asked if the White House knew whether the company had paid the $70 million ransom, Psaki said only that the administration’s policy advised companies not to pay.

The ransomware attack is the latest in a series of cyberattacks hitting businesses and critical infrastructure that the US federal government is trying to combat. The timing of the attack, the weekend of July 4, means that many victims may not discover the full extent of the problem until they return to the office this week.

“This cyberattack is one of the biggest we’ve ever seen,” Ekram Ahmed, spokesman for cybersecurity firm Check Point, said in an email. “What is worrisome here is the combination of supply chain and ransomware attack, you usually see one or the other. A supply chain attack [managed service providers] combined with crippling ransomware has potentially exponential and untenable consequences.”

Brett Callow, a threat analyst at software company Emsisoft, said it is not surprising that REvil tried to consolidate the ransom negotiations into a single payment.

“The group will not have the capacity to handle more than a thousand negotiations, so monetizing the attack through a single negotiation would be the easiest and most fluid option,” Mr Callow said in an email. “REvil will probably hope that insurers will also see their offers as an attractive option.”

Mr Callow noted that the tool offered by REvil would allow victims to recover faster than would otherwise be possible, and that the total would likely be “significantly more” than REvil’s $70 million ransom if all victims paid individually.

According to cybersecurity researchers, REvil is one of the most prolific ransomware groups, responsible for the largest number of victims even before the Kaseya attack. REvil previously drew attention with its cyberattack on major meat producer JBS, and cybersecurity software firm Check Point said the gang launched an average of 15 cyberattacks a week in the past two months.

REvil operates on a ransomware-as-a-service model, in which the malware developers and the affiliates that distribute it share a portion of the ransom payments that victims make to regain access to their systems. According to cybersecurity company DomainTools, REvil’s ransomware avoids targeting computers in a specific “language region”, including Russia and Kazakhstan.

At a summit last month, President Biden warned Russian President Vladimir Putin that the United States would retaliate for further cyberattacks originating from Russia.

Ms Psaki said the attack “underlines the need for companies and government agencies to focus on improving cybersecurity.”

Anne Neuberger, deputy national security adviser for cyber and emerging technology, said the Biden administration had commissioned the FBI and the Cybersecurity and Infrastructure Security Agency to work with Kaseya, and President Biden directed all government resources to investigate the incident.

• Dave Boyer and wire service reports contributed to this article.
