Just a couple of weeks after the Biden-Putin “cyber summit,” where the two leaders discussed increasing cyberattacks, nearly all which have been blamed on Russia, thousands of businesses are being targeted by ransomware attacks
Reuters reported that last Friday cyber criminals hijacked VSA software used by Florida-based IT firm Kaseya, which provides IT services to small- and medium-sized businesses.
A Russia-linked hacker group REvil is suspected of having infected thousands of victims in at least 17 countries, with the typical MO being to gain access through big firms that remotely manage IT infrastructure for companies. The hackers have demanded $70 million in bitcoin to restore data being held for ransom.
This gives them a double play: They are asking Kaseya for the lump sum of $70M, and the backup plan is to offer Kaseye’s clients, individually, for anything between $45,000 and $5M, depending on the size of the business.
Schools, dental practices, architecture firms, plastic surgery centers from Germany, the United States, Netherlands… have all been affected by the attack, even though many have reportedly failed to notify the authorities.
Swedish grocery chain Coop said it closed the majority of its 800 stores on Sunday due to a software failure with its cash registers.
Several IT companies from Germany and Netherlands have announced that they are the victims of the attack, with several thousand of customers compromised.
At least 36,000 companies were indirectly impacted but the full impact of the attack won’t be clear for days, particularly as the U.S. has been celebrating the 4th of July.
U.S. President Joe Biden said the FBI is investigating the attack and vowed to take action if Russia is deemed to be responsible.
Just two weeks ago, Biden met with Russian President Vladimir Putin in Geneva to discuss taking action against hacking groups.
There was no known progress on those talks.
Biden said he handed Russian counterpart Putin a list of 16 sectors such as energy, health care and water services that the U.S. insists are out of bounds to attacks.
"I talked about the proposition that certain critical infrastructure should be off-limits to attack, period — by cyber or any other means," Biden told reporters.
In the meantime, the Russian government has denied any involvement in the attacks, with Putin saying that most hacking crimes originate in the U.S., not Russia.
U.S. intelligence officials have blamed hackers based in Russia for several attacks on U.S.-based companies.
In March, one of the largest insurance companies in the United States, CNA, was reported to have secretly paid $40 million to regain control of its network after a ransomware attack.
While the FBI pinned the Colonial Pipeline cyber-attack on DarkSide, an Eastern Europe-based cybercriminal hacking group, CNA said its investigation concluded that the attackers used a new variant called Phoenix CryptoLocker, malware developed by Evil Corp cyber
group.
As for REvil ransomware group (not to be confused with “Evil Corp” as far as anyone knows for sure), it extorted $11 million from the meat-processor JBS after a Memorial Day attack. In April and March, REvil demanded $50 million from Apple supplier Quanta and computer maker Acer.
Following the Colonial Pipeline attack, Biden signed an Executive Order to improve the nation's cybersecurity and protect federal government networks.
The order lays out a series of new requirements for companies that do business with the federal government, requiring companies to report certain information about cyber breaches. It also establishes a Cybersecurity Safety Review Board to analyze incidents.
