A ransomware attack on Friday could have affected more than 1,000 companies in several countries. Among the victims, the Swedish supermarket chain Coop, which is already closed About eight hundred shops in the country had to be closed, After the company’s cash records were paralyzed by a cyber attack. WellsArt, a Dutch company based in Whartenburg that provides ICT services to SMEs, was also affected. Reported in a blog.
In hackers, identified by analysts Security Company Huntress Labs The Russian cyber mob is affiliated with Revil, which manages to encrypt the victims’ systems and place recovery requests to recover the files. Small companies pay about $ 45,000 (about சுமார் 38,000), while large companies pay $ 5 million.
The hackers accessed all of those systems by accessing VSA, a popular software package from Casey’s that IC companies use to remotely manage their customers’ computer systems. Casey advises users Disable VSA servers immediately. It National Cyber Security Center The hack invites Dutch users to do the same.
White House sanctions
These types of ‘supply chain attacks’, in which trusted third-party software is infiltrated and misused by victims, are on the rise. It came to light in December that hackers were able to secretly pickpocket Orion, an update to the widely used network surveillance package from Solar Winds in previous months, to enter US government services, among other things. In that hack, the culprits may be after confidential information. In April, the White House imposed sanctions on six Russian technology companies that allegedly broke with the Russian intelligence services.
This time, however, it seems that the perpetrators were purely for money. “This is one of the biggest NGO attacks we have ever seen, and it appears to be purely for money,” Andrew Howard of the Swiss security firm Goodelsky Security told IPS. Bloomberg.
Related to this latest attack, Revil offers ransomware-as-a-service where criminal clients hire cryptographic software and outsource victims’ negotiation and payment processes for a fee. The group was responsible for a ransomware attack on meat processor JPS last May. Following the closure of slaughterhouses in the United States and Australia, the company paid about $ 11 million (9. 9.3 million) to restore its facilities.
Russia is becoming blind
US President Joe Biden mentioned the attack during a meeting with her rival Vladimir Putin in Geneva on June 16. The United States has accused Russia of not only indiscriminately conducting cyber-attacks such as attempts to influence US elections or the Solar Winds attack, but also of turning a blind eye to the activities of criminal gangs such as the Rev.
Biden warned during the meeting that “all options are on the table, including the active hacking pack” when dealing with cyber attacks. In May, the FBI seized the servers and the ransom paid by another Russian ransomware group, Dorxide. He confiscated $ 4.4 million (over 3. 3.6 million) from the Colonial Pipeline, an important fuel pipeline in East America, which was shut down for several days due to a ransomware attack.
Read this too Diplomatic dance for Biden, Putin and Russian hackers
After the summit, Putin denied that Russia played a key role in ransomware attacks or other types of hacking. Biden said he had agreed with Putin to continue talks on a list of key pieces of US infrastructure that should never be used for cyber-attacks.
It is not yet clear which companies were affected by the attack on Kasaya. It is feared that the scale of the attack will increase significantly in the coming days: because of Independence Day, Americans have a long weekend, which means many companies will not be relaunched until Tuesday.
Update (July 3, 2021): This post was updated on Saturday evening.