REvil Gang Demands US$70 Million to Free Kaseya’s Business

Yet another supply chain ransomware attack reveals the vulnerabilities present in the industry. Hackers suspected to be behind the attack that impacted hundreds of organizations worldwide have demanded US$70 million for restoring the data they are holding ransom.

The ransomware attack carried out by REvil, a Russia-linked cybercriminal group, on July 5, 2021 affected between 800 and 1,500 businesses across the globe. The US IT firm Kaseya was the target of the attack, and the company is still struggling to assess its full scope across its customer base.

Emphasizing the critical nature of the attack, Guido Grillenmeier, Chief Technologist at Semperis, said, “The supply chain ransomware attack involving software company Kaseya is a wakeup call to anyone that believes cybercrime won’t affect them.”

Kaseya is known for providing software tools to IT outsourcing enterprises that typically handle back-office work, enabling those enterprises to operate as their customers’ tech department. One of its solutions was compromised on Friday, July 2, 2021, allowing the ransomware group to paralyze hundreds of businesses across five continents. “Hackers and security researchers have access to many of the same basic tools for scanning the internet looking for computers that are vulnerable to attack,” says Guido Grillenmeier.

He further added, “But by infecting IT support organizations, the malicious software was passed to customers as well, multiplying the impact.” Grillenmeier said that Kaseya offers a cloud-based solution called VSA for “Unified Remote Monitoring & Management” to fully control and monitor endpoints and corporate networks. Its cloud solution is supported by an on-premise instance of the software – the VSA server – which customers would deploy into their network. “This would typically grant them administrative access to the respective endpoints by using an Active Directory service account to manage the end-devices of their customers.

“Depending on the care taken during the configuration of the Kaseya VSA server in the customer’s infrastructure, it is highly likely that it is not only managed endpoints such as the cash registers of Swedish supermarket group Coop that were taken down. We can also expect to see more disruption in other companies, loss of revenue and even operations being shut down completely due to the takedown of their Active Directory Domain Controllers,” added Grillenmeier.

The cybercriminal group REvil has demanded US$70 million to restore the data of the affected businesses, and says it is willing to negotiate on that figure. Kaseya has not yet released a statement on whether it will pay or negotiate.

Taking its global impact into account, the White House said it is checking whether the ransomware outbreak posed any ‘national risk’. Since Kaseya was already in the process of fixing the software vulnerability exploited by the hackers, some IT security professionals speculate that the attackers may have been monitoring the company’s communications from the inside.

In recent months, the topic of ransom payments has become increasingly critical as the attacks have become more disruptive and more lucrative. “This hack demonstrates that cyber war reaches far beyond the business arena and into society at large, therefore being able to say ‘no’ to ransom and blackmail demands makes us all safer,” says Grillenmeier. He concluded by saying, “This comes down to organizations having adequate provision for cyber preparedness, incident response, and disaster recovery within their enterprise directory services. It is these directory services that are relied upon by over 90% of organizations worldwide.”