Last week, hackers infiltrated a Florida-based information technology company and deployed a ransomware attack, seizing troves of data and demanding $70 million in payment for its return.
The hack of the company Kaseya, which is already being called “the largest ransomware attack on record”, has affected hundreds of companies around the world, including supermarkets in Sweden and schools in New Zealand.
In the wake of the attack, cybersecurity teams are struggling to regain control of the stolen data as the Biden administration ponders possible diplomatic responses. Here’s what you need to know about the attack, its impact, and what’s next.
What happened and what makes this hack particularly bad?
Hackers infiltrated Kaseya, accessed its customers’ data and demanded a ransom for the return of the data. What makes the hack particularly serious, experts say, is that Kaseya is what’s known as a “managed service provider.” That means its systems are used by companies that are too small, or have too few resources, to run their own technology departments. Kaseya regularly sends updates to its customers to ensure the security of their systems. But in this case, those security features were bypassed to deliver malicious software to customer systems.
This attack was particularly egregious because the bad actors behind it had targeted the same systems that are typically used to protect customers from malicious software, said Doug Schmidt, a professor of computer science at Vanderbilt University.
“This is very scary for many reasons – it’s a totally different type of attack than we’ve seen before,” Schmidt said. “If you can attack someone through a reliable channel, they are incredibly ubiquitous – they will bounce well beyond the perpetrator’s wildest dreams.”
Who was affected?
Kaseya has said that between 800 and 1,500 companies were affected by the hack, although independent researchers have put the figure at close to 2,000. There are at least 145 victims in the US, according to an external analysis by Sophos Labs, including state and local governments and agencies, as well as small and medium-sized businesses.
Joe Biden said Tuesday that while several smaller American companies, such as dental offices or accountants, may have felt the effects of the attack, not many domestic companies had been affected.
“It appears to have caused minimal harm to American companies, but we are still gathering information,” Biden told reporters after a briefing by advisers. “I feel good about our ability to respond.”
Meanwhile, the impact has reached other continents and the disruption has been felt more intensely in other countries. In Sweden, hundreds of supermarkets had to close when their cash registers became inoperative, and in New Zealand, many schools and kindergartens were out of service.
Who is behind the hack?
Affiliates of the Russian hacker group REvil have claimed responsibility for the attack. REvil is the group that unleashed a major ransomware attack on meat producer JBS in June, crippling the company and its supply until it paid an $11 million ransom.
REvil has quickly grown into a huge operation, offering “ransomware as a service,” meaning that it rents out its ability to extort companies to other criminals and takes a percentage of each payment. Its business operates on a large scale, offering customer service hotlines to enable its victims to pay ransoms more easily.
What happens next?
Kaseya CEO Fred Voccola told Reuters he could not confirm whether Kaseya would pay the $70 million ransom or negotiate with the hackers for a lower cost: “There is no comment on anything to do with negotiating with terrorists in any way,” he said.
If the ransom is paid, it could exacerbate a ransomware arms race, Schmidt said. When hackers are successful, he said, they accumulate more financial resources, allowing them to acquire better equipment, improved operations and more skilled hackers.
“When hackers are assured that they will be paid and that they will not get caught, they become much more brazen,” he said. “We are going to see a significant escalation in these types of attacks. This is going to get a lot worse.”
In addition to REvil’s attacks on Kaseya and JBS in recent weeks, another group linked to Russia attacked the US fuel carrier Colonial Pipeline in May. It was revealed on Tuesday that the US Republican National Committee may have been affected by a breach carried out by another Russia-based hacking collective.
As the attacks escalate, the Biden administration has discussed its national and international responses. White House press secretary Jen Psaki said at a press conference Tuesday that Biden will meet with officials from the justice, state and national security departments and the intelligence community on Wednesday to discuss ransomware and the efforts of the United States to counter it.
She also said that senior US officials would meet with their Russian counterparts next week to discuss the ransomware problem.
“As the president made clear to President Putin when they met, if the Russian government is unable or unwilling to take action against criminal actors in Russia, we will take action or reserve the right,” she said.
Reuters contributed to this report