Hackers are demanding $70 million in Bitcoin in exchange for data stolen during a “gargantuan” attack on a U.S. information technology (IT) company that closed hundreds of Swedish supermarkets on July 5.
Researchers believe that more than 1,000 companies may have been affected by the attack on Miami-based company Kaseya, which provides IT services to approximately 40,000 companies worldwide.
The FBI said on July 4 that the “ransomware” attack (a form of digital hostage-taking in which hackers encrypt victims’ data and demand money to restore access) is so large that it may not be possible to “respond to each victim individually.”
Ciaran Martin, a professor of cybersecurity at Oxford University, said:
“By the nature of the attack, there is still a lot of uncertainty about its consequences,” he emphasized.
However, he added that because this is a “supply chain attack” on a company servicing thousands of businesses, many of which provide IT support to small businesses such as car dealerships, the total number of victims is potentially huge.
Sweden’s Coop supermarket chain is one of the indirect victims: its cash registers have been paralyzed since July 2, when its IT subcontractor Visma Esscom was hit by the attack.
Most of Coop’s 800 stores were still closed on June 5, and spokesman Kevin Bell told AFP that hundreds of stores had reopened using alternative payment solutions, including letting customers pay with their smartphones.
Cybersecurity firm ESET said it has identified hacking victims in at least 17 countries, from South Africa to the United Kingdom and Mexico. The New Zealand Ministry of Education said at least two schools were affected.
Experts believe that the attack was probably carried out by REvil, a Russian-speaking hacking group known as a prolific perpetrator of ransomware attacks.
A post on Happy Blog, a site on the dark web previously associated with the group, claimed responsibility for the attack and stated that it had infected “more than a million systems,” according to Martin.
The FBI believes REvil, also known as Sodinokibi, was behind a ransomware attack on global meat processing giant JBS last month. The Brazil-based company paid the hackers $11 million in Bitcoin.
According to the hackers’ blog post, if they are paid $70 million in Bitcoin, they will release a decryption tool online “so that everyone can recover from the attack within an hour.”
According to Martin, hackers are reaching out to individual victims and demanding a smaller ransom.
“As far as I understand, they are demanding about $50,000 for small organizations and $5 million for large organizations,” he said. “I don’t know who paid.”
Kaseya said on July 4 that it believes the damage was limited to “very few” customers using its VSA software, which allows companies to manage their computer and printer networks from one place.
However, cybersecurity firm Huntress Labs said on a Reddit forum that it was working with partners who were targeted in the attack and that the software was manipulated “to encrypt more than 1,000 companies.”
Kaseya said it “shut down” the server “immediately” after detecting the attack on July 2, and warned VSA customers to do the same “to prevent breaches.”
The company has released a tool that allows customers to see if their computer system is at risk from an attack.
In recent months, many US companies, including computer group SolarWinds and the Colonial Oil Pipeline, have been victims of well-known ransomware attacks that the FBI has blamed on Russia-based hackers.
Washington officials have not accused the Kremlin of being directly involved in such attacks, but have said that Russia has hackers who should be arrested.
US President Joe Biden raised the threat in a meeting with Russian President Vladimir Putin last month, and on July 3 ordered a full investigation of the Kaseya attack.
“Most experts think it’s very unlikely that it’s state-led,” Martin said of this latest cyberattack. “It is acceptable to the nation.”