Hackers have demanded well over 70 million US dollars for companies affected by mass ransomware attacks, and have shut down systems until the ransom is paid. The demand was discovered in a post on the dark web, on a blog typically used by a Russian cybercrime group called REvil. Here’s an in-depth report by Asiaone news about the case.
The mastermind behind these mass cyberattacks
If you didn’t know, REvil is one of the world’s most prolific cybercriminal groups. Because of its affiliate structure, it is difficult to identify who within the group a ransom demand is coming from. Some cyber-security firms believed this one came from REvil’s core leadership.
Last July 2, REvil executed a ransomware attack that broke into Kaseya, a Miami-based information technology firm. REvil hacked its way through the system to get access to Kaseya’s clients and its customers, which set off a chain reaction that brought many computers to a halt.
According to the cyber-security firm ESET, around a dozen different countries were affected by the cyberattack. An executive of Kaseya confirmed that the company is aware of the current situation and of the hackers’ ransom demand.
Since then, a slew of attacks has been reported. Kaseya provides services to well over 40,000 organizations around the world, and its being the target of this cyberattack means that all companies and clients under its umbrella are inevitably in grave danger.
The FBI revealed that REvil was also behind the hacking of the world’s largest meat processor, JBS, back in May of this year. If anything, more and more businesses will fall victim to these hackers.
The impact of the cyberattacks
On Saturday, July 3, Coop, one of Sweden’s largest grocery retailers, was also affected by these “sophisticated cyberattacks”. The majority of Coop’s cash registers were knocked offline, making it one of the most devastating attacks the retailer has received.
The grocery retailer had no choice but to close at least 800 stores, which was confirmed by Sebastian Elfors, a cybersecurity researcher for security company Yubico. Signs posted outside every Coop store say: “We have been hit by a large IT disturbance and our systems do not work.”
Elfors went on to add that a major pharmaceutical chain and the Swedish railway had also been affected by the Kaseya attack. Further attacks include small public-sector bodies, travel and leisure companies, and credit accountants and unions. This whole fiasco has certainly impacted businesses of all scales and sizes.
What this means for Singapore
Luckily, there has been no indication of a data breach or any critical cyberattack among Singapore firms as a result of the Kaseya cyberattack. The Cyber Security Agency of Singapore said in a statement that it will be monitoring the situation for any potential threat that could impact firms in the country.
The agency added that it is working very closely with regional and international partners to investigate the matter and how it can be prevented in the future. To date, REvil’s ransom demand has increased to a ridiculous 94 million dollars.
For now, Kaseya has advised clients and customers that use VSA to shut down their servers immediately to prevent further compromise. VSA is a unified remote monitoring and management platform.
While Kaseya claims that the impact has been limited to a very small number of consumers, it has given assurances that it is investigating the main cause of these attacks as a matter of the utmost importance, and that it is working on a solution to prevent these kinds of attacks from ever occurring again.