REvil takes credit for Kaseya attack, demands $70 million in Bitcoin


Last week Friday, remote management solutions provider Kaseya let its customers know that it was the victim of a ransomware attack. It is said to be impacting thousands of companies across the globe, with cybersecurity firm Sophos currently investigating this supply chain distribution attack that’s targeting managed service providers.

Over the weekend, more information came to light, with ransomware gang REvil taking credit for the attack. The organisation is also asking for $70 million in Bitcoin for a decrypter.

“On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is 70 000 000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour. If you are interested in such deal – contact us using victims ‘readme’ file instructions,” REvil posted on its dark web blog, according to The Record.

It remains to be seen whether Kaseya will acquiesce to the demands, but if it does, it would represent the largest known ransomware payment to date.

The company may very well have to pay the ransom, if the extent to which the attack is spreading is to be believed.

“This is one of the farthest reaching criminal ransomware attacks that Sophos has ever seen. At this time, our evidence shows that more than 70 managed service providers were impacted, resulting in more than 350 further impacted organizations. We expect the full scope of victim organizations to be higher than what’s being reported by any individual security company. Victims span a range of worldwide locations with most in the United States, Germany and Canada, and others in Australia, the U.K. and other regions,” notes Ross McKerchar, Sophos VP and Chief Information Security Officer, in a statement sent to Hypertext.

“A day after the attack, it became more evident that an affiliate of the REvil Ransomware-as-a-Service (RaaS) leveraged a zero-day exploit that allowed it to distribute the ransomware via Kaseya’s Virtual Systems Administrator (VSA) software. Usually, this software offers a highly trusted communication channel that allows MSPs unlimited privileged access to help many businesses with their IT environments,” added Mark Loman, Sophos director of Engineering.

With cybercriminals becoming more brazen during the pandemic, attacks like these are becoming all too common.

[Image – Photo by Michael Geiger on Unsplash]

Robin-Leigh Chetty

Editor of Hypertext. Covers smartphones, IoT, 5G, cloud computing and a few things in between. Also a keen photographer and dabbles in console games when not taking the hatchet to stories.

