Over the usually sedate long holiday weekend, a major cybersecurity incident roiled the world. The cybercriminal gang known as REvil claimed responsibility for an enormous ransomware attack on scores of managed service providers worldwide, causing businesses and organizations to grind to a halt. REvil apparently gained access to the systems of Miami-based Kaseya Ltd., a provider of IT management and patch management software to MSPs. Through the breach, REvil was able to deploy ransomware to networks. Reportedly, more than 1 million systems were hit and possibly infected in the attack. On its Dark Web website, REvil demanded $70 million in cryptocurrency for a “universal decryptor software key.” If paid, it would be the largest ransom ever extorted.
The timing is probably no coincidence. IT staffing is usually thinner during holiday weekends, especially summer holidays, and having fewer IT security pros on duty raised the odds that the attack would succeed. The incident is the latest in a growing and concerning number of supply-chain attacks. Bleeping Computer has a good under-the-hood analysis of how the REvil ransomware attack was accomplished.
U.S. President Joe Biden ordered a probe of the incident, and while REvil is believed to be a Russian-linked entity, Biden said he wasn’t certain who was behind the attack. On its Twitter page, the U.S. Cybersecurity and Infrastructure Security Agency said it is taking action to “address the supply-chain ransomware attack.”
.@CISAgov is taking action to understand and address the supply-chain #ransomware attack against Kaseya VSA and the multiple #MSPs that employ VSA software. Review the Kaseya advisory and immediately follow their guidance to shut down VSA servers: https://t.co/48QLkEm1eY
— US-CERT (@USCERT_gov) July 2, 2021
Kaseya has dedicated a page on its website to continual updates, noting it was the “victim of a sophisticated cyberattack.” Kaseya said it would post further updates there as it learned more about the repercussions. The major fear is that the attack may have hit companies involved with important or even critical infrastructure.