Just weeks after President Joe Biden implored Vladimir Putin to curb cyber crime, a notorious, Russia-linked ransomware gang has been accused of pulling off an audacious attack on the global software supply chain.
REvil, the group blamed for the May 30 ransomware attack of meatpacking giant JBS SA, is believed to be behind hacks on at least 20 managed-service providers, which provide IT services to small- and medium-sized businesses. More than 1,000 businesses have already been impacted, a figure that’s expected to grow, according to the cybersecurity firm Huntress Labs Inc.
“Based on a combination of the service providers reaching out to us for assistance along with the comments we’re seeing in the thread we are tracking on our Reddit, it’s reasonable to think this could potentially be impacting thousands of small businesses,” according to John Hammond, a cybersecurity researcher at Huntress Labs.
Attacking MSPs is a particularly devious method of hacking, since it may allow the attackers to then infiltrate their customers as well. Hammond said more than 20 MSPs have been affected so far.
Read More: Russia-Linked Group Behind JBS Attack Revels in ‘Audaciousness’
In Sweden, most of grocery chain Coop’s more than 800 stores couldn’t open on Saturday after the attack led to a malfunction of their cash registers, spokesperson Therese Knapp told Bloomberg News.
A Coop store in Stockholm. The company couldn’t open more than 800 stores due to the attack.
Photographer: Love Liman/Bloomberg
There are victims in 17 countries so far, including the U.K., South Africa, Canada, Argentina, Mexico and Spain, according to Aryeh Goretsky, a distinguished researcher at cybersecurity firm ESET.
The ransomware attack is the latest in a string of devastating hacks in recent months, making cybersecurity an increasingly pressing national security issue for the Biden administration. At a summit on June 16, Biden warned Russian President Putin that 16 types of critical infrastructure -- including food and agriculture, emergency services and health care -- were off limits to future attacks. It’s not yet known if the U.S. victims of the latest ransomware attack fell within those sectors.
A software supply chain attack revealed in December included nine U.S. agencies and about 100 businesses as victims. Russian-state sponsored hackers were accused of the attack, where hackers implanted malicious code in updates for popular software for SolarWinds Corp. Customers who downloaded the updates inadvertently created a backdoor that the hackers could then exploit. It was particularly sophisticated and highlighted the terrifying potential of supply-chain hacks.
More recently, ransomware attacks on Colonial Pipeline Co., the operator of the nation’s largest fuel pipeline, and JBS have revealed gaping security vulnerabilities in crucial U.S. businesses. Both Colonial and JBS paid the hackers millions of dollars. The hackers behind the Colonial attack, a group called DarkSide, have also been tied to Russia.
Read More: Biden Says He Gave Putin Cyber Warning
Friday’s attack appears to combine a supply-chain attack with ransomware, vastly increasing the number of potential victims and presumably, the payout. Ransomware is a type of attack in which hackers encrypt computer files and then demand payment to unlock them.
Among the companies targeted was Kaseya Ltd., a Miami-based developer of software for managed service providers, as a way to attack its customers, according to cybersecurity experts.
“What makes this attack stand out is the trickle-down effect, from the managed service provider to the small business,” Hammond said. “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business.”
Read More: Ransomware Attackers Up Ante As White House Vows Crack Down
In a statement, Kaseya said it has notified the FBI. The company said it had so far identified less than 40 customers that were impacted by the attack.
Allan Liska, a senior threat analyst at cybersecurity firm Recorded Future Inc., said REvil was behind the attacks.
Eric Goldstein, the executive assistant director for cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency said the group is closely monitoring this situation.
“We are working with Kaseya and coordinating with the FBI to conduct outreach to possibly impacted victims,” he said in a statement. “We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya’s guidance to shut down VSA servers immediately. As always, we stand ready to assist any impacted entities.”
Two of the affected MSPs include Synnex Corp. and Avtex LLC, according to two people familiar with the breaches. Avtex President George Demou told Bloomberg News in a text message on Friday night, “Hundreds of MSPs have been impacted by what appears to be a Global Supply Chain hack.”
“We are working with those customers who have been impacted to help them to recover,” he added.
A Synnex spokesperson didn’t immediately respond to requests for comment.
— With assistance by Love Liman, and Alyza Sebenius
"impact" - Google News
July 03, 2021 at 09:26PM
https://ift.tt/2TxlDgX
Massive Ransomware Attack May Impact Thousands of Victims - Bloomberg
"impact" - Google News
https://ift.tt/2RIFll8
Shoes Man Tutorial
Pos News Update
Meme Update
Korean Entertainment News
Japan News Update
Bagikan Berita Ini
0 Response to "Massive Ransomware Attack May Impact Thousands of Victims - Bloomberg"
Post a Comment