A cyber attack on American IT firm Kaseya, reported last week, turned out to be the biggest global ransomware attack on record. Hundreds of businesses in the United States were hit on Friday by the unusually sophisticated cyber attack.
More details have now emerged about how a Russia-linked gang breached the company whose software was the conduit.
The software targeted by the attackers was VSA, which is used by companies that manage technology at smaller businesses.
The cybersecurity teams are still working to stem the impact of the attack.
Here is how the attack spread:
- The ransomware infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, according to cybersecurity researchers.
- The demands have been made to pay a ransom of $5 million. However, some cyber security experts said the smallest amount demanded appears to have been $45,000.
- The attackers are believed to be an affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack.
- The Federal Bureau of Investigation (FBI) is investigating the attack. United States’ Deputy National Security Advisor Anne Neuberger said in a statement on Sunday that President Joe Biden had “directed the full resources of the government to investigate this incident” and urged all who believed they were compromised to alert the FBI.
- The attack comes less than a month after Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the US deems a national security threat.
- The businesses and services hit by the attack include financial services, travel and leisure – in almost all continents.
- Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing US offices would be lightly staffed. Many victims may not learn of it until they are back at work on Monday.
- Swedish grocery chain Coop kept most of its 800 stores closed for the second day on Sunday because their cash register software supplier was crippled.
- In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised.
- Two big Dutch IT services companies – VelzArt and Hoppenbrouwer Techniek – were also among reported victims.
- CEO Fred Voccola of the breached software company, Kaseya, estimated the victim number in the low thousands. The company said it sent a detection tool to nearly 900 customers on Saturday night.
- Ransomware criminals break into networks and sow malware that cripples networks on activation by scrambling all their data. Victims get a decoder key when they pay up.