Hackers demand $70m ransom after executing massive Solar Winds-like attack
Record breaking ransom for record breaking attack
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
The notorious REvil gang has claimed responsibility for the widespread supply chainransomwareattack perpetrated over the weekend, demanding $70 million for unlocking computers all around the world.
In one of the most daring attacks, the ransomware gang managed to break into the infrastructure of Managed Service Provider (MSP) Kaseya, and poison an update for their VSA software to deploy ransomware on Kaseya’s business customers.
While the true impact of the attack is yet to be determined,early estimatesbycybersecurityvendorESETseem to suggest the incident has impacted thousands of firms across a dozen different countries.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.
Click here to start the survey in a new window«
“On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is 70 000 000$ in BTC and we will publish publicly [sic] decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour,” reads the notice posted on REvil blog.
Can’t outsource risk
Coincidentally, around this time last year, theUS Secret Service had warnedthat threat actors were increasingly targeting MSPs, since successfully compromising them could give hackers the keys to the kingdom.
According to security firm Sophos and Kaseya customers who spoke withThe Record, the malicious Kaseya update lands on on-premise VSA servers, from where it deploys the ransomware to all connected client systems.
Kaseya isurging all VSA ownersto take their systems offline until further notice.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Mark Loman, malware analyst for security firmSophos, toldThe Recordthat companies who have been impacted are seeing ransom notes of between $50,000 and $5 million, depending on the size of the impacted corporate network.
Meanwhile, in an official statement toThe Record, Kaseya’s CEO Fred Voccola claims that the attack impacted “only a very small percentage” of their customers, pinning the number of affected customers at “fewer than 40.”
“MSPs are a high-value target. If an MSP manages a company’s security, it’s once removed from the company itself, which can mean the actual company is less aware of what is happening. And, as an MSP, you have a ton of data from multiple customers,” Ben Carr, CISO at security company Qualys toldTechRadar Pro.
“While you can outsource the work, you can’t outsource the risk — almost everyone is susceptible to supply chain attacks,” said Carr.
It isn’t immediately clear if Kaseya is entertaining the idea of paying the ransom, which if honored, would become the highest ransomware payment ever made.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
Windows PCs targeted by new malware hitting a vulnerable driver
Dangerous Android banking malware looks to trick victims with fake money transfers
Latest Google Pixel update includes surprise launch of Android 15’s best battery feature
