US software company decides to restart after massive ransomware attack
SAN FRANCISCO: A U.S. software company hit by a major ransomware attack that crippled hundreds of businesses around the world said it was on track to restart its servers later Tuesday to bring customers back online.
Kaseya, the Miami-based IT company at the center of the hack, said it pushed back its forecast by two hours and hoped to resume operations between 8:00 p.m. and 11:00 p.m. GMT.
The news comes after an unprecedented attack that affected around 1,500 businesses and prompted a ransom demand of $70 million.
Systems were brought back online with “enhanced security measures” and “the ability to quarantine and isolate entire files and servers …” in the event of infection.
“Later today, we will issue an out-of-the-box statement that you can use to communicate the incident and the security measures we have in place to your customers,” said a statement from Kaseya.
While Kaseya is little known to the public, analysts say it was a ripe target as its software is used by thousands of businesses, allowing hackers to cripple large numbers of businesses in one fell swoop.
Kaseya provides IT services to some 40,000 companies around the world, some of which in turn manage the IT systems of other companies.
The hack affected users of its VSA software, which is used to manage computer and printer networks.
Experts believe it could be the biggest ransomware attack on record – an increasingly lucrative form of digital hostage-taking in which hackers encrypt victims’ data and then demand money for restored access.
The Kaseya attack ricocheted around the world, affecting businesses from pharmacies to gas stations in at least 17 countries, as well as dozens of New Zealand kindergartens.
Most of Sweden’s 800 Coop supermarkets were closed for the third day in a row after the hack crippled their cash registers.
Kaseya said Monday that while fewer than 60 of its own customers were “directly compromised”, it estimated that as many as “1,500 downstream companies” had been affected.
White House spokeswoman Jen Psaki said the administration was monitoring the situation amid reports the attacks came from a Russia-based cybergang. But she noted that “the intelligence community has yet to attribute the attack … we will continue to allow this assessment to continue.”
Psaki reiterated the warning that President Joe Biden gave to his counterpart Vladimir Putin about Russia harboring cybercriminals, stating that “if the Russian government cannot or does not want to take action against criminal actors residing in Russia, we will take action, or we reserve the right to take action against our own.”
Biden, when asked about the incident on Tuesday, said that so far there appeared to be “minimal damage to US businesses” but that “we are still collecting information on the full extent of the attack.”
– Go out with a bang? –
REvil, a group of Russian-speaking hackers who are prolific authors of ransomware attacks, is widely believed to be behind Friday’s attack.
An article on Happy Blog, a dark web site associated with the group, claimed responsibility for the attack, saying it had infected “over a million systems.”
Hackers demanded $70 million in bitcoin in exchange for releasing an online tool that would decrypt the stolen data.
While hackers are believed to have contacted individual victims asking for smaller payments, the unprecedented demand of $70 million surprised analysts.
French cybersecurity expert Robinson Delaugerre has suggested that REvil may treat the Kaseya attack as a spectacular last act before shutting down.
The group was responsible for around 29% of ransomware attacks in 2020, according to IBM’s Security X-Force unit, looting around $123 million.
“Our hypothesis is that REvil is going to disappear and this is its last big act,” Delaugerre told AFP, predicting that the group – which also goes by the name Sodinokibi – could reappear under a new name.
The FBI believes REvil was also behind a ransomware attack last month on global meat-processing giant JBS, which ended up paying hackers $11 million.
The United States has been the target of high-profile cyber attacks in recent months, blamed on Russia-based hackers, with Colonial Pipeline and computer company SolarWinds among the targets.