At least 200 companies in the US were damaged, along with a supermarket chain in Sweden. The US government is investigating the crimes.

A group of cybercriminals is demanding $70 million in Bitcoin (BTC) to return the stolen data to hundreds of companies worldwide.

The ransomware group REvil is responsible for an attack that caused the collapse of various companies. As reported by the media, attackers used Kaseya, a software platform designed to help handle IT services remotely, to infect 1 million computer systems.

Kaseya is malicious software that helps cybercriminals weaken networks in order to extort ransom money from victims for their data.

A Massive Ransomware Attack

On Saturday, Australia’s ABC News portal reported that the networks of at least 200 US companies were damaged by the attack. On that day, Kaseya’s external experts stated that customers who experienced ransomware and received communication from the attackers should not click on any links, as the criminals may be trying alternative ways to achieve their goal.

The experts also posted a statement on their website urging customers to shut down their VSA servers. Sophos CEO and ethical hacker Mark Loman reported the attack on Twitter, saying that the criminal group was demanding a $50,000 ransom. However, the latest reports suggest that the situation is worse than previously estimated.

According to Bloomberg, the attack damaged more than 1,000 companies in a domino effect. Among these affected companies, a supermarket chain in Sweden told the media it could not open 800 of its stores on Saturday because the attack caused its cash registers to malfunction.

In addition to the United States of America and Sweden, the news portal Hackread estimates that one million systems were affected at companies in various nations worldwide, including Canada, the United Kingdom, Mexico, and many more.

The media also cited an alleged statement published by the REvil group in which it demands USD 70 million in exchange for a tool to decrypt the data of the compromised companies.

According to this outlet, it is the highest amount demanded in a cyberattack of its kind. It is also curious that the REvil ransomware group appears to be the same one that attacked the US pipeline company Colonial Pipeline at the beginning of June and, more recently, the food processor JBS USA Holdings.

US Government is Investigating the Crimes

Cybersecurity expert and former Microsoft employee Kevin Beaumont shared details about how the attack happened in a blog post. The criminals took advantage of a Kaseya update, using the platform’s administrative privileges to disrupt the systems.

Once managed service providers are compromised, their systems can be used to attack the customers for whom they provide remote IT services (network administration, system updates, and backups, among other things). For its part, Kaseya itself has released a compromise detection tool that can help customers identify whether they too have been compromised.

By: Jenson Nuñez
