Hundreds of companies around the world have been hit by a devastating ransomware attack over the 4 July weekend. The hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software. It was deliberately timed to coincide with the Independence Day weekend in the US, when most IT technicians would not be working.
Hackers who claim to be behind the attack have demanded US$70 million in bitcoin to restore the encrypted data. The ransom demand was posted on a blog typically used by the REvil gang, a major Russian-speaking ransomware syndicate.
The gang broke into Kaseya and used their access to breach some of its clients’ clients, setting off a chain reaction that quickly paralysed the computers of hundreds of firms.
Ross McKerchar, Sophos Vice President and Chief Information Security Officer, said: “This is one of the farthest reaching criminal ransomware attacks that Sophos has ever seen. At this time, our evidence shows that more than 70 managed service providers were impacted, resulting in more than 350 further impacted organisations.
“We expect the full scope of victim organisations to be higher than what’s being reported by any individual security company. Victims span a range of worldwide locations with most in the United States, Germany and Canada and others in Australia, the UK and other regions.”
Reacting to the news, Andy Watkin-Child, a Board member of The Security Institute and Chartered Security Professional, said: “This has all the hallmarks of the 2020 SolarWinds attack, where an IT service provider is hacked as the route through to attack their clients. Kaseya provides a range of software tools for remote monitoring, business process integration, compliance integration dashboards, SOC and network performance monitoring. Some of the most important software any hacker would find useful.
“The hack is another example of a massive supply-chain attack. The use of cyber-attacks to target national infrastructure over the past 8 months has seen SolarWinds, Microsoft Exchange, Colonial Pipeline and JBS meat as targets. The US has signed Executive Orders to examine Supply Chain Risk Management (SCRM) and cybersecurity vulnerabilities targeting the US, which will take time to deliver recommendations and longer still to implement meaningful offensive and defensive cyber capabilities.”
He added: “I don’t believe any country is better at cybersecurity; they are just lucky not to have been targeted by the hackers. It feels like the doors have been left wide open for defensive cyber, until governments realise that all the ‘offensive’ cyber capabilities won’t do corporate America, Europe, Asia, or India any good when the hackers walk around the ‘Cyber Maginot line’.”