Who is behind the Kaseya ransomware attack – and why is it so dangerous?


Last week, hackers infiltrated a Florida-based IT company and deployed a ransomware attack, seizing troves of data and demanding $70 million for its return.

The Kaseya hack, which has already been dubbed “the biggest ransomware attack on record,” hit hundreds of businesses around the world, including supermarkets in Sweden and schools in New Zealand.


In the aftermath of the attack, cybersecurity teams are scrambling to regain control of the stolen data while the Biden administration considers possible diplomatic responses. Here’s what you need to know about the attack, its impact, and what happens next.

What happened and what makes this hack particularly bad?

Hackers infiltrated Kaseya, accessed its customers’ data, and demanded a ransom for returning the data. According to experts, the hack is particularly serious because Kaseya is what is called a “managed service provider”. This means that its systems are used by companies that are too small, or have too few resources, to run their own IT departments. Kaseya regularly pushes updates to its customers to keep their systems secure. In this case, that trusted update channel was hijacked to push malware onto customer systems instead.

This hack was particularly egregious because the malicious actors behind it targeted the very systems typically used to protect customers from malware, said Doug Schmidt, professor of computer science at Vanderbilt University.

“It’s very scary for a lot of reasons – it’s a totally different type of attack than what we’ve seen before,” Schmidt said. “If you can attack someone through a trusted channel, it’s incredibly ubiquitous – it’s going to ricochet far beyond the author’s wildest dreams.”

Who was affected?

Kaseya said that between 800 and 1,500 companies were affected by the hack, although independent researchers put the figure at nearly 2,000. There are at least 145 victims in the United States, according to an external analysis by Sophos Labs, including local and state governments and agencies, as well as small and medium-sized businesses.

Joe Biden said on Tuesday that while a number of small U.S. businesses like dental offices or accountants could have felt the effects of the hack, few domestic businesses were affected.

“It appears to have caused minimal damage to US businesses, but we are still collecting information,” Biden told reporters following a briefing by his advisers. “I feel good about our ability to be able to respond.”

Meanwhile, the impact has reached other continents, and the disruption has been felt more severely in other countries. In Sweden, hundreds of supermarkets had to close when their cash registers became inoperative and in New Zealand, many schools and kindergartens were taken offline.

Who is behind the hack?

Affiliates of the Russian hacker group REvil claimed responsibility for the attack. REvil is the group that unleashed a major ransomware attack on meat producer JBS in June, crippling the company and its supply chain until it paid an $11 million ransom.

REvil quickly grew into a huge operation, offering “ransomware as a service”, meaning it leases its extortion tooling and infrastructure to other criminals and keeps a percentage of every payment. Its business operates on a large scale, even offering customer service hotlines to make it easier for its victims to pay ransoms.

What happens next?

Kaseya CEO Fred Voccola told Reuters he could not confirm whether Kaseya would pay the $70 million ransom or try to negotiate the hackers down: “No comment on anything to do with negotiations with terrorists in any way,” he said.

If the ransom is paid, it could exacerbate an arms race against ransomware, Schmidt said. When hackers are successful, he said, they accumulate more financial resources, enabling them to acquire better equipment, improve their operations, and recruit more skilled hackers.

“When hackers are confident that they will get paid and that they won’t get caught, they get a lot more brazen,” he said. “We are going to see a major escalation of this type of attack. It’s going to be a lot worse.”

In addition to REvil’s attacks on Kaseya and JBS in recent weeks, another Russian-linked group attacked the US fuel pipeline operator Colonial Pipeline in May. It was revealed on Tuesday that the Republican National Committee of the United States may have been affected by a breach by yet another Russian-based hacking collective.

As the attacks escalate, the Biden administration has discussed its domestic and international responses. White House press secretary Jen Psaki told a press conference on Tuesday that Biden would meet on Wednesday with officials from the Justice, Homeland Security and State departments and the intelligence community to discuss ransomware and US efforts to counter it.

She also said senior U.S. officials will meet with their Russian counterparts next week to discuss the ransomware issue.

“As the President made clear to President Putin during their meeting, if the Russian government cannot or does not want to take action against criminal actors in Russia, we will take action or we will reserve the right,” she declared.

Reuters contributed to this report
