A massive ransomware attack described as the “single biggest global ransomware attack on record” affected thousands of companies in 17 countries on Friday as attackers targeted at least 20 managed-service providers, which offer IT services to businesses.
While President Biden said there it’s not clear that the attack came from Russia, it is being widely reported that a Russia-linked group is responsible.
“If it is [Russia], either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond,” Biden told reporters on Saturday.
CEO Fred Voccola of the breached software company, Kaseya, estimated the victim number in the low thousands, mostly small businesses like “dental practices, architecture firms, plastic surgery centers, libraries, things like that.”
Voccola said in an interview that only between 50-60 of the company’s 37,000 customers were compromised. But 70% were managed service providers who use the company’s hacked VSA software to manage multiple customers. It automates the installation of software and security updates and manages backups and other vital tasks.
Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing U.S. offices would be lightly staffed. Many victims may not learn of it until they are back at work on Monday. Most end users of managed service providers “have no idea” whose software keep their networks humming, said Voccola,
Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.
The REvil offer to offer blanket decryption for all victims of the Kaseya attack in exchange for $70 million suggested its inability to cope with the sheer quantity of infected networks, said Allan Liska, an analyst with the cybersecurity firm Recorded Future. Although analysts reported seeing demands of $5 million and $500,000 for bigger targets, it was apparently demanding $45,000 for most.
“This attack is a lot bigger than they expected and it is getting a lot of attention. It is in REvil’s interest to end it quickly,” said Liska. “This is a nightmare to manage.” (AP)
According to Deputy National Security Advisor Anne Neuberger, Biden has “directed the full resources of the government to investigate this incident.”
The attack comes weeks after Biden met with Russian President Vladimir Putin and spoke to him about cracking down on ransomware gangs, with critics noting he wasn't very convincing. Oddly, Biden gave Putin a list of 16 critical infrastructure that he said were off-limits.
The fruits of Biden’s stern lecture to Putin on the subject
— Brian LeCompte (@LecompteBrian) July 3, 2021
Was this on Sleepy Joe’s list of approved hackable industries? https://t.co/tgDJ7XBHVE
— Jesse L. Stokes (@JesseStokes813) July 4, 2021