Kaseya software hacked: $70 million for master keys

Hackers have encrypted the computers of numerous companies through a vulnerability in software from the American IT service provider Kaseya. The REvil group behind the attack is now demanding a ransom of $70 million.

Over the weekend, hackers attacked hundreds of companies with extortion software. The goal: a very large payout. The REvil group is demanding $70 million in the digital currency Bitcoin for a master key that would unlock all affected computers. The hackers claim their software infected more than a million computers. If that is true, it would be the biggest ransomware attack to date, Mikko Hyppönen of the IT security company F-Secure emphasized on Monday.

Vulnerability in Kaseya software

The hacker group used a vulnerability at the American IT service provider Kaseya to attack Kaseya's customers with a program that encrypts data and demands a ransom. What makes this attack path particularly perfidious is that Kaseya's management software is treated as trusted on the computers it administers, and that trust extended to the version the hackers had tampered with, which was run without the scrutiny an unknown program would have received.

So far, the extent of the damage has been hard for any independent party to assess. The IT security company Huntress spoke of more than 1,000 companies whose systems were encrypted. Kaseya reported that fewer than 40 of its customers were affected. However, those customers include service providers who in turn manage systems for many customers of their own, which produced a domino effect.

Domino effect: hacker attack hits Swedish supermarket chain

The Swedish supermarket chain Coop was hit indirectly, several steps down the chain. Of its roughly 800 stores, only five were open at times over the weekend because the checkout systems were not working. On Sunday the company managed to switch at least some stores to payment via its own “Scan & Pay” app.

According to Germany's Federal Office for Information Security (BSI), an IT service provider and several of its customers were affected in Germany. A few thousand computers at several companies are involved, a spokesman said on Sunday. As far as the government knows, federal authorities and critical-infrastructure operators “of a reportable size” are not affected, a spokeswoman for the Federal Ministry of the Interior said on Monday.

REvil: Successful attack on meat company JBS

The REvil group, which experts place in Russia, was also behind the attack on the world's largest meat company, JBS, a few weeks ago. As a result, the company had to close plants for several days, including in the USA. JBS paid the attackers the equivalent of eleven million dollars in cryptocurrency.

In the latest attack, the attackers promise in a blog entry that the affected systems will be decrypted within an hour once the 70 million US dollars (around 59 million euros) are paid, as reported by the IT security company Sophos, among others. “If REvil wins now, they will be unstoppable,” warned F-Secure expert Hyppönen on Twitter.

Now a professionally organized underground industry

Extortion software, also known as ransomware, has been around for a long time. Consumers are mostly at risk when they click links in fraudulent emails. In 2017, two large waves of attacks with the ransomware programs “WannaCry” and “NotPetya” followed within a few weeks of each other. They hit British hospitals, Deutsche Bahn display boards, and computers at the Maersk shipping company, the Nivea maker Beiersdorf and the car maker Renault, among others.

At the time, however, the malware seemed to spread from computer to computer in a rather uncoordinated manner, and according to some experts the hackers were more interested in disruption than in making money. Ransomware operators then lived mainly from the occasional desperate consumer who paid the ransom. Today, a professionally organized underground industry stands behind the attacks and sets out to maximize profit in a targeted way.

Security researchers had already discovered the vulnerability at Kaseya

The targets this year are correspondingly prominent. A few weeks before the meat company JBS, the operator of one of the most important gasoline pipelines in the USA was hit. The shutdown of the pipeline triggered panic buying on the US east coast. The operating company, Colonial, paid the hackers $4.4 million, but a good half of that was later seized online by the FBI.

A dramatic detail of the current case is that the vulnerability at Kaseya had already been discovered by Dutch security researchers, who were working with the company to close it. “Unfortunately, we were beaten by REvil in the final sprint,” the researchers wrote in a blog post.
