The biggest global ransomware attack was hatched Friday, July 2, and it affected hundreds of small businesses and tens of thousands of computers. More than a thousand victims across 17 countries were targeted by a notorious group called REvil. The criminal gang hacked into a software vendor to gain access to its customers’ networks. The hackers initially demanded $50,000 per small business but late Sunday night upped it to a universal $70 million to unlock everything.
Kaseya sells software to companies to manage their information technology. It also sells to third-party service providers. REvil broke into its system through a vulnerability in its code. According to chief executive Fred Voccola, the company detected the compromise within an hour, was able to shut it down, and limited the number of businesses and networks involved.
The extent of the damage remains unclear, but an estimated 800 to 1,500 companies were affected. Kaseya sells its software to thousands of technology providers but claims that only 50 to 60 customers were impacted. Still, REvil was able to lock up tens of thousands of computers.
President Joe Biden suggested that the United States would respond if it were determined the Kremlin was involved in the attack. REvil is a well-known ransomware group that, according to cybersecurity experts, is based in Russia. A few weeks ago, Biden pressed Russian President Vladimir Putin during a summit to stop giving hacking groups a haven in his country as they attack the U.S. government and businesses.
Public agencies and businesses across the world were affected. The REvil criminals were able to infiltrate networks and deploy malware that scrambled data. Victims receive a decoder key when they pay a ransom.
Swedish grocery chain Coop said it will have to keep its 800 stores closed for a second day due to its cash register software supplier being affected. A pharmacy chain, a public broadcaster, a gas station chain, and a state railway were hacked in Sweden. Eleven schools in New Zealand were victimized. Others included architecture firms, libraries, plastic surgery centers, and dental practices.
Luckily, the type of immediate, major impact the United States faced in the Colonial Pipeline hack did not recur. This past May, the nation saw panic-buying and fuel shortages as a result of that shutdown.
New Era of Hacking
According to experts at Huntress, a cybersecurity company, the biggest area of concern is not the number of victims but the high level of sophistication and planning, which hints at a government operation rather than a criminal one. These ransomware attacks are starting to look more like nation-state operations.
The tactics and skills of sophisticated adversaries are being adopted by groups with financial motives. Jack Cable, a cybersecurity researcher at Krebs Stamos Group, suggested this is the most alarming element in recent attacks. He noted, “Ransomware groups don’t abide by the same rules, and in some ways, we could see it have a larger impact.” International laws and treaties outline the rules and guidelines nation-states are supposed to follow. Criminal organizations do not care about the rules and now have acquired the ability to carry out government-level strikes.
This past weekend REvil launched a supply chain hack. Getting into Kaseya provided incredibly broad access to other companies and their users/customers. With businesses paying millions in ransoms, “we have cybercriminals who are more determined and better resourced than ever before,” according to Cable. He called them “apex predators.”
Read more from Keelin Ferris.