Hundreds of US companies were affected by a ransomware attack that occurred on Friday, July 2, 2021.
Huntress Labs security researcher John Hammond said the hackers targeted the software company Kaseya and used its network package-management system to spread the ransomware through cloud service providers. Other researchers agreed with his assessment.
In a statement on its website, Kaseya urged customers to shut down servers running the affected software. It is still unclear how many of its clients have been affected, but the company is a service provider for many businesses of varying sizes.
It’s thought the attack was timed for the 4th of July weekend, when fewer employees, and therefore fewer IT staff, would be around to closely monitor networks.
Hammond said he was aware of four managed service providers hit by the ransomware attack. Thousands of computers from between 800 and 1,500 businesses were affected.
As for the identity of the hackers, researchers speculated that the group “REvil” is responsible. The collective, thought to be Russian, operates a ransomware-as-a-service model.
This means they create the ransomware and negotiate payments, while “affiliates” spread it and get a cut of the proceeds. The idea is to encrypt the victims’ files until a ransom is paid.
It is an effective model, since potentially anyone could become a spreader under the right conditions.
REvil confirmed it was indeed them when a notice appeared on their website claiming responsibility. In exchange for publishing a universal decryptor for the files of all victims, they are demanding $70,000,000 in Bitcoin.
Surveys to determine the extent of the incident are ongoing, and concern is high, as this isn’t the first big ransomware attack this year. In the meantime, companies would do well to ensure they follow a regular routine of data backups.