July 06, 2021
Hackers Demand $70 Million to End Cyberattack
Up to 1,500 businesses may have been compromised. Affected companies are urged to contact the FBI.
UPDATE, 1 p.m. Eastern Friday, July 9th: Kaseya is continuing to deal with fallout from the attack. It intends to bring customers back online on July 11, at 4 PM EDT.
Hackers are demanding $70 million in Bitcoin payment as ransom in a cyberattack that’s estimated to have compromised between 800 and 1,500 businesses around the world, including in the United States.
Digital criminals believed to be from REvil, a ransomware gang reportedly based in Eastern Europe or Russia, launched the attack on Kaseya, a Miami-headquartered IT management software firm that specializes in cybersecurity.
The attack, which began Friday, July 2, directly impacted about 50 of Kaseya’s customers. However, many more companies were affected because Kaseya’s clients provide information technology services to those businesses. “The attack locked up computers at schools in New Zealand and locked up cash registers at Coop, a Swedish grocery store chain that was forced to shut some outlets,” The Wall Street Journal reported.
The cyberattack caused concern in Washington, D.C., with national security officials worried there could be widespread impacts. Kaseya CEO Fred Voccola has said the company doesn’t have evidence that important national infrastructure was affected by the attack, adding that there’s no indication any victims are tied to national security concerns.
Love this incredibly helpful and informative piece by @TheresaHegel, on such a critical topic these days. @jnnorris @daledenham @Collab_Seth
— Michele Bell (@ASI_MBell) June 30, 2021
"How to Handle a Ransomware Attack in Progress" https://t.co/al8XDFWxLr
Federal authorities are urging any companies that believe they’ve been victimized as part of the attack to report it to the Federal Bureau of Investigation’s Internet Crime Complaint Center. Promotional products firms should heed that advice.
In a statement, Kaseya said that it has met with U.S. government agencies, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). The company also reportedly talked with the White House and cybersecurity firm FireEye Mandiant.
Are you taking the cyber threats and con attempts aimed at your #promproducts business seriously? If not, you're risking a lot: https://t.co/FQgW9soGM5 @Tim_Andrews_ASI @ASI_MBell @asicentral
— Chris Ruvo (@ChrisR_ASI) June 22, 2021
In a ransomware assault, hackers launch malicious software that encrypts the content of computers, preventing the devices from being used and denying access to the information they contain. The criminals then demand that victims pay them a ransom in exchange for a decryption key, which is used to free computers.
Kaseya reported that it’s putting in place strengthened tech bulwarks and giving clients time to put “these counter measures in place in anticipation of a return to service on July 6.”
“Our global teams are working around the clock to get our customers back up and running,” Voccola said in a statement. “We understand that every second they are shut down, it impacts their livelihood, which is why we’re working feverishly to get this resolved.”
Voccola told reporters that he would not comment on whether or not Kaseya was going to pay the ransom.
Ransomware attacks have been on the rise. ASI Media has been urging promo products companies to be aware to the threat and to educate employees. Get advice on how to handle a ransomware attack here.
In 2020, the FBI received almost 2,500 reports of ransomware attacks – up 66% from the prior year. The actual number of cases is likely far higher.
Meanwhile, ransomware victims paid cyber crooks four times more in cryptocurrency ransom payments in 2020 than they did in 2019 – some $350 million, according to Chainalysis, a firm that specializes in blockchain analysis. The estimated total cost to the U.S. economy of ransomware hackings reportedly tallies in the billions each year.
Relatedly, Cybersecurity firm Sophos estimates that the average total cost of recovery from a ransomware attack has more than doubled in the last year, increasing from just over $760,000 in 2020 to $1.85 million in 2021.
In the cyberattack that happened about a month ago, REvil snared an $11 million payment from JBS. The attack on Kaseya could further embolden the group – and other digital criminals. “They have indicated that they are not backing down and they’re going to be even more focused on U.S. targets,” Chris Krebs, a partner at the security consulting firm Krebs Stamos Group LLC, told The Wall Street Journal. “What we’re seeing here is some signaling from the actors that these guys are here to stay.”