The biggest single ransomware attack ever recorded managed to ruin the July 4th celebrations for hundreds of businesses in the USA. The attack, organized by the Russia-linked hacker organization REvil, happened during the Independence Day long weekend. The supply-chain ransomware attack leveraged a vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers.
News that REvil was demanding millions of dollars to end the attack began circulating on July 3rd. With businesses already closed for the festive weekend, many discovered that they were affected by the ransomware attack on Tuesday morning, when employees returned to work. REvil said they would post a universal tool decrypting the affected servers and systems if they received $70 million in cryptocurrency. However, it is currently unknown if any of the affected companies have paid the individual ransom, estimated to be between $45,000 and $5 million depending on the company size.
The FBI encouraged affected businesses to immediately shut down all VSA servers and report Kaseya-related ransomware attacks. Reports made on time are often valuable to federal agencies such as CISA and the FBI, as they help them analyze the problem and recommend possible solutions. The FBI expressed readiness to assist any impacted organizations but advised that it may be unable to respond to each affected business individually because of the scale of the incident. The Russian government said they were not aware of the attack.
REvil, which is believed to be situated in Russia, is a hacker organization specializing in ransomware attacks. They usually threaten to publish or delete valuable information unless paid a ransom. Their roots are unknown, but many believe the hackers are located in Russia and countries from the Soviet bloc, as the group never attacks entities located in those regions. The same hacker group managed to steal Apple’s secret schematics for upcoming products from one of Apple’s suppliers and also extorted $11 million from JBS, the world’s largest meat producer, in a highly publicized attack that happened during the Memorial Day weekend earlier this year.
Businesses in the USA were not the only ones to suffer from the attack. Companies located all around the globe, but predominantly in western countries, were affected by the cybersecurity incident. Dutch, Swedish and German companies, among many others, were involved in the ransomware attack. What makes the REvil attack particularly interesting is not only its scale but also the type of victims: this time, rather than targeting a large corporation and asking for a hefty ransom, the hackers made their way into the systems of regular small businesses such as dental and plastic surgery practices, architecture firms, and other small entities.
If you or your business want to stay ahead of the pack, now is a great time to add another layer of security to protect your systems by getting a reputable antivirus software solution installed on all your connected devices.