A group of Russian hackers calling themselves REvil is demanding $70 million to unlock computers swept up in a widespread ransomware attack that started to unfold July 2. It is the latest of the high-profile incidents that the U.S. government has been trying to stamp out, along with other cybercrimes.
What happened in the Kaseya ransomware attack?
Kaseya Ltd. is a Miami-based company that provides software to help other businesses manage their networks. The hackers targeted Kaseya’s virtual systems/server administrator (VSA), a type of software that large companies and technology-service providers use to manage and send out software updates to systems on computer networks. The hackers were able to distribute ransomware by exploiting several vulnerabilities in the VSA software, a Kaseya spokeswoman said.
By targeting Kaseya’s VSA, the hackers were able to open the door to infect more computers in what is known as a supply-chain attack. About 50 of Kaseya’s immediate customers were compromised and about 40 of those customers were sellers of information-technology services, which potentially let the hackers reach more victims, the company’s chief executive, Fred Voccola, said. The company’s own corporate systems weren’t compromised, he said.
Kaseya on July 5 said fewer than 1,500 businesses in total were likely hit. Many of those companies are small and midsize businesses with little direct exposure to consumers, though a Swedish supermarket chain was forced to close some outlets over the weekend because of the attack.
Supply-chain attacks like the one involving Kaseya have long been a concern for cybersecurity professionals, even more so after last year’s so-called SolarWinds hack. In that sophisticated cyberheist, the perpetrators, linked by U.S. authorities to Russia’s Foreign Intelligence Service, were able to install tainted network-monitoring software to gain access to sometimes sensitive company and government data.