Last week, yet another ransomware attack hit a software vendor Kaseya, compromising numerous IT companies and over 1,000 companies that are their clients. Hackers asked for a bitcoin payment worth $70 million to give Kaseya a decryption tool to fix the damage.
After JBS Foods and Colonial Pipeline, Kaseya seems to be a part of the string of attacks that target significant players of their respective industries. These have opened the issue of cyber safety and the risks such attacks could pose for both digital and physical infrastructure, attracting the attention of US officials and corporate leaders.
Kaseya provides software that is a kind of the digital backbone of their clients and third-party providers that are mostly small or medium-sized companies. The company’s official statement claims that the first attack was registered on Friday afternoon in VSA — a remote management software.
Despite the fact Kaseya shut the software access to stop the attack, over 12 IT companies were knocked out completely during the weekend. On Tuesday, the number escalated to 50 companies that were directly compromised, meaning around 1,500 clients worldwide were affected.
It is confirmed that the attack was conducted by REvil. This hacking group, a hacking group that appeared in 2019 and became a sort of leader in the rising field of ‘’ransomware-as-a-service.’’ While they are believed to operate out of Russia or Eastern Europe, they don’t carry out all the attacks on their own.
The group provides tools for other groups to perform these attacks, targeting JBS Foods, Acer, and Quanta Computer in the previous month. Following these, the White House urged all companies to report all safety breaches to the Internet Crime Complaint Center.