Around 1500 businesses around the world were impacted by a ransomware attack centred on the U.S information technology firm Kaseya.
- Hackers demanded $70 million in Bitcoin as a ransom.
- The company added that "customers who experienced ransomware and receive a communication from the attackers should not click on any links - they may be weaponized."
- Cybersecurity experts believe that the REvil ransomware gang broke into the mothership of a popular software management tool from the company Kaseya.
Around 1500 businesses around the world were impacted by a ransomware attack centred on the U.S information technology firm Kaseya.
Kaseya is a company that gives software tools to IT outsourcing shops: companies that typically handle back-office work for companies too small or modestly resourced to have their tech departments.
The hackers, believed to be linked to the notorious REvil group, used the VSA software developed by Kaseya, which helps companies remotely monitor their computer systems.
“On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is 70 000 000$ in BTC, and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from the attack in less than an hour. If you are interested in such deal – contact us using victims “readme” file instructions.” reads the message on its leak site.
The ransom demand is the greatest known in public memory, and the Kaseya ransomware attack is also one of the biggest-ever known cyber attacks.
Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.
The cybersecurity firm ESET identified victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.
Miami based Kaseya has said that fewer than 60 of its customers were directly affected by the attack, but the disruption has been felt more keenly in Sweden.
The Swedish grocery chain Coop reported that most of its 800 stores would be closed because their cash register software supplier was crippled. A Swedish pharmacy chain, the state railway gas station chain, and public broadcaster SVT were also hit.
According to the dpa news agency, an unnamed IT service in Germany told authorities several thousand of its customers were compromised.
Kaseya, which called on customers on Friday to shut down their VSA servers immediately, said it hoped to have a patch in the next few days.
Kaseya has released a detection tool that could be used by organizations to determine if your infrastructure has been compromised.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?