Hackers demand $70m after Kaseya attack


Hackers were demanding $70 million in bitcoin in exchange for data stolen during an attack on a US IT company that has shuttered hundreds of Swedish supermarkets. Researchers believe more than 1,000 companies could have been affected by the attack on Miami-based firm Kaseya, which provides IT services to some 40,000 businesses around the world.

The FBI warned Sunday that the scale of the “ransomware” attack — a form of digital hostage-taking where hackers encrypt victims’ data and then demand money for restored access — is so large that it may be “unable to respond to each victim individually”. Sweden’s Coop supermarket chain was among the most high-profile victims, with “a majority” of their 800 stores still closed three days after the hack paralysed its cash registers, spokesman Kevin Bell told AFP.

Coop is not a direct customer of Kaseya’s, but its IT subcontractor Visma Esscom was hit by the attack. Bell stressed that the situation was looking “positive compared to a few days ago”, but the few hundred stores that have reopened were relying on alternative payment solutions, such as customers paying using their smartphones.

Experts believe the attack was probably carried out by REvil, a Russian-speaking hacking group known as a prolific perpetrator of ransomware attacks. A post on Happy Blog, a site on the dark web previously associated with the group, claimed responsibility for the attack and said it had infected “more than a million systems”.

The FBI believes that REvil, which also goes by the name Sodinokibi, was behind a ransomware attack last month on global meat-processing giant JBS, which ended up paying $11 million in bitcoin to the hackers. The blog post claiming responsibility for the Kaseya attack said the hackers would post a decryption tool online “so everyone will be able to recover from attack in less than an hour” — if they were handed $70 million in bitcoin.

Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses. The company said Sunday that it believed the damage had been restricted to a “very small number” of customers using its signature VSA software, which lets companies manage networks of computers and printers from a single point.

But cybersecurity firm Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack, and that the software was manipulated “to encrypt more than 1,000 companies”. Kaseya said it had “immediately shut down” its servers after detecting the attack on Friday and warned its VSA customers to do the same, “to prevent them from being compromised.” The company has released a tool allowing its customers to find out whether their own computer systems have been compromised by the attack.

Kevin Reed, CISO at Acronis, comments: “As far as we’re aware, REvil’s systems involve a high degree of automation – humans are only involved if a victim wants to negotiate a price. So, they may not really need to scale to cover the ‘long tail’ of $45,000 ransoms. The victim pays to a predefined Bitcoin wallet, they detect the payment and release the decryption key for the victim – no human is involved at this stage. I think the offer of a universal decryptor is a PR stunt. If they indeed encrypted one million systems, assuming 1,000 systems per victim, it’s in the range of 1,000 victims – which correlates with some of the earlier findings reported. With an average of $45,000 per victim – which was their standard fee in this case – that makes up $45 million. Yes, some victims were individually targeted and had higher ransoms, but I doubt the total target reached $70 million. Also, those individually targeted victims will be handled by humans anyway, and their numbers seem not large enough at this point to impose the REvil scale-out problem.”
