At the weekend, the ransomware-as-a-service group REvil claimed responsibility for a massive ransomware attack on managed service providers (MSPs).
The group is demanding $70 000 000 in Bitcoin in exchange for a decryption key that “decrypts files of all victims, so everyone will be able to recover from attack in less than an hour”.
Following this ransomware attack, Kaspersky has noted an alarming uptick in the number of ransomware attacks around the world. So far, Kaspersky’s Threat Intelligence Service has noted more than 5 000 attack attempts in 22 countries.
“Ransomware gangs and their affiliates continue to up their game after high-profile attacks on the Colonial Pipeline and JBS, and many other organisations in different countries since then. This time, REvil operators have carried out a massive attack on MSPs with thousands of managed businesses around the world, infecting them as well,” Vladimir Kuskov, head of threat exploitation at Kaspersky, said in a statement.
Whether these new ransomware attacks are linked to the attack on Kaseya or whether they are simply inspired by the attack is unclear.
We say this because REvil used Kaseya’s update systems to spread malicious software. Kaseya says that only 60 of its customers were directly compromised by the attack, but those customers manage IT services for multiple customers of their own. It is therefore unclear whether this latest surge is a result of those customers being compromised or whether, as we mentioned, other cybercriminals are simply inspired by REvil.
“This case once again demonstrates how important it is to implement proper cybersecurity measurements and solutions at all stages – including suppliers and partners,” Kuskov added.