#AceSecurityReport – July.05: Cybersecurity experts are continuing to work to stem the impact of what may be the single biggest global ransomware attack of its kind on record.
#AceSecurityDesk says that on Friday we published a post on this ransomware attack, and this follow-up has the latest details: thousands of companies in 17 countries were infected and thousands of people became victims.
An affiliate of Russia’s notorious REvil gang, best known for extorting $US11 million ($15 million) from meat processor JBS earlier this year, infected thousands of victims in at least 17 countries on Friday.
Miami-based IT firm Kaseya, which was the initial target of the attack, said fewer than 60 of its customers had been “directly affected”.
But the full impact of the intrusion is still coming into focus, in part because the Kaseya software tool commandeered by the cyber criminals is used by so-called managed service providers, which handle back-office IT work like installing updates for other businesses.
In some cases, chain reactions fed more widespread disruption.
The Swedish Coop grocery store chain had to close hundreds of stores on Saturday because its cash registers are run by Visma Esscom, which manages servers for a number of Swedish businesses and in turn uses Kaseya.
Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft, said he was unaware of any previous ransomware supply-chain attack on this scale.
There have been others, but they were fairly minor, he said.
The FBI said it was investigating the attack, along with the federal Cybersecurity and Infrastructure Security Agency, but added that “the scale of this incident may make it so that we are unable to respond to each victim individually”.
Deputy national security advisor Anne Neuberger later issued a statement saying President Joe Biden had “directed the full resources of the government to investigate this incident”, and urged all who believed they were compromised to alert the FBI.
On Saturday Mr Biden had suggested the US would respond if the Kremlin was found to be involved.
The attack came less than a month after Mr Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs whose attacks the US deems a national security threat.
Mostly smaller business affected
The businesses and public agencies hit by the latest attack included financial services, travel and leisure and the public sector, but few large companies were involved, cybersecurity firm Sophos reported.
Ransomware criminals break into networks and sow malware that cripples networks on activation by scrambling all their data. Victims get a decoder key when they pay up.
Kaseya chief executive Fred Voccola estimated the number of total victims to be in the low thousands, mostly small businesses like “dental practices, architecture firms, plastic surgery centres, libraries, things like that”.
Mr Voccola said that only between 50 and 60 of the company’s 37,000 customers were compromised.
But he said 70 per cent of those were managed service providers who used the company’s software to manage multiple customers.
The program automates the installation of software and security updates and manages backups and other vital tasks.
Cybersecurity firm ESET identified victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.
Timing no coincidence
Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware.
It was no accident it happened before the Fourth of July weekend, when IT staffing was generally thin in the US, he added.
“There’s zero doubt in my mind that the timing here was intentional,” he said.
Many victims in the US may not learn of it until they are back at work on Monday.
The vast majority of end customers of managed service providers “have no idea” what kind of software is used to keep their networks humming, said Mr Voccola.
Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.
John Hammond of Huntress Labs, one of the first cybersecurity firms to sound the alarm on the attack, said he had seen $US5 million and $US500,000 demands by REvil for the decryptor key needed to unlock scrambled networks. The smallest amount demanded appears to have been $US45,000.
This is not the first ransomware attack to target managed services providers.
In 2019, criminals hobbled the networks of 22 Texas municipalities through one. That same year, 400 US dental practices were crippled in a separate attack.
#AceNewsDesk report ………Published: July.05: 2021:
Information provided by: #AceSecurityDesk/AP/Reuters/various security firms/